I.T.  LEADERSHIP:  WHY  ATTILA  THE  HUN  IS  A  BAD  ROLE  MODEL 


POST-IMPLEMENTATION  AUDITS 

How  to  do  them  right 

without  wasting  time,  money  Page74 

LESSONS  FROM  THE  FRONT  LINES 

Farmers  Insurance’s  CIO  learns 
the  business  by  living  it  page84 


SPECIAL  REPORT 


c 

Easy  Integration— 

Here’s  Why 
You’re  Still  Waiting; 

Inside  the  Battle  Over  Standards  Page  54 


HOW  EARLY  ADOPTERS  ARE 
MINIMIZING  RISK- 

Motorola,  Wells  Fargo,  U.S.  Navy  Page  64 


Dave  Watson, 
vice  president 
and  CTO  of 
Kaiser  Permanente, 
is  not  just  waiting 
around  for  Web 
services  standards 
to  emerge;  he’s 
active  in  WS-I, 
which  focuses  on 
interoperability  issues. 


v  V 

*  \ 


Urn 

NatiOnalB,?eal 
JoumZnSln  ess 


OCTOBER  1,  2003  •  $9.00  CIO 


_ 


- - 


=OgSL_ _ 


2003  Microsoft  Corporation.  All  rights  reserved.  Microsoft.  SQL  Server.  Windows,  and  the  Windows  logo  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation 
the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Introducing  Microsoft  Windows  Server  2003.  Do  more  with  less. 

You’re  being  asked  to  do  more.  You’re  being  asked  to  do  it  with  less.  Microsoft  Windows'  Server  2003  is  designed 
to  help  you  manage  these  opposing  forces  with  powerful  server  consolidation  capabilities  that  increase  efficiency, 
decrease  man-hours,  and  lower  your  total  cost  of  ownership.  Download  your  free  evaluation  copy  of  Windows 
Server  2003  at  microsoft.com/windowsserver2003  Software  for  the  Agile  Business. 

Information  Resources ,  Inc.  (IRI)  manages  over  122  terabytes  of  data  to  provide  consumer  behavior  insights ,  advanced 
analytics,  and  decision  analysis  tools  for  some  of  the  largest  consumer  packaged  goods,  healthcare,  retail,  and  financial 
companies  in  the  world.  To  meet  increasing  demand  for  faster,  more  granular  business  intelligence  while  reducing 
costs,  IRI  is  using  64-bit  editions  of  Windows  Server  2003  and  SQL  Server™  2000  on  an  Intel  Itanium  2  system  to 
deliver  faster  answers  to  its  customers.  The  result?  IRI  will  be  able  to  process  more  queries,  using  a  fraction  of  the 
number  of  servers  while  realizing  significant  cost  savings  and  improving  customer  service. 


"tffw'tfi  I'tnwn 


I  mzmsm  * 


Build  a  200-server  infrastructure 


- — 


iv; 


S3 


-Sts 


s- 


- 


33 


sssiS  ; = 


ONLY  ONE  REPORTING 
WORKS  ACROSS  DEPART 
ACROSS  DIVISIONS.  ACRO 

INTRODUCING  COGNOS 


) 


JOIN  THE  REVOLUTION. 


It’s  not  an  evolution.  It’s  a  revolution. 

Introducing  Cognos  ReportNet™  the  new  enterprise  reporting  standard. 
Now,  you  can  deliver  consistent  information  across  your  business. 
Replace  stand-alone  reporting  tools  with  the  only  solution  that  handles 
everything  from  customized  queries  to  production  reports. 

Build  reports  once.  Deploy  in  any  language.  Automatically. 

Make  your  IT  team  and  users  more  productive. 

All  on  a  zero-footprint,  open  architecture  built  specifically  for  the  Web. 

See  how  you  can  drive  performance. 

Read  about  Breakthrough  Reporting  at: 


Cognos.com/reportnet 


Copyright  ©  2003  Cognos  Incorporated.  All  rights  reserved. 


S  THE  PLANET. 
IEPORTNET. 


BREAKTHROUGH  REPORTING 
GLOBAL  SERIES 

Americas 

3  Sep  Los  Angeles,  CA 

4  Sep  Dallas,  TX 

16  Sep  Toronto,  ON 
18  Sep  Iselin,  NJ 

23  Sep  Calgary,  AB 

23  Sep  Minneapolis,  MN 

24  Sep  Milwaukee,  WI 

24  Sep  Seattle,  WA 

25  Sep  Portland,  OR 

25  Sep  St.  Louis,  MO 

26  Sep  Kansas  City,  KS 

1  Oct  Boston,  MA 

2  Oct  Washington,  DC 
2  Oct  Phoenix,  AZ 

7  Oct  Nashville,  TN 

7  Oct  Sao  Paulo,  Brazil 

8  Oct  Philadelphia,  PA 

8  Oct  Ft.  Lauderdale,  FL 

9  Oct  Pittsburgh,  PA 
15  Oct  Atlanta,  GA 

17  Oct  Houston,  TX 
21  Oct  Hartford,  CT 
21  Oct  Raleigh,  NC 

21  Oct  Cincinnati,  OH 

22  Oct  Cleveland,  OH 
22  Oct  Richmond,  VA 

22  Oct  Mexico  City,  Mexico 

23  Oct  Rochester,  NY 
23  Oct  Detroit,  MI 

23  Oct  Montreal,  QC 

24  Oct  Indianapolis,  IN 
28  Oct  Denver,  CO 

4  Nov  Edmonton,  AB 

20  Nov  Ottawa,  ON 

Europe 

10  Sep  Vienna,  Austria 

1  Oct  Lausanne,  Switzerland 

7  Oct  Frankfurt,  Germany 

8  Oct  Amsterdam,  Netherlands 

9  Oct  Paris,  France 

10  Oct  Helsinki,  Finland 

13  Oct  Birmingham,  England 

14  Oct  Brussels,  Belgium 

15  Oct  Stockholm,  Sweden 

16  Oct  Zurich,  Switzerland 

Asia  Pacific 

21  Oct  Perth,  Australia 

22  Oct  Brisbane,  Australia 

23  Oct  Canberra,  Australia 
28  Oct  Adelaide,  Australia 

28  Oct  Tokyo,  Japan 

29  Oct  Melbourne,  Australia 

30  Oct  Sydney,  Australia 
4  Nov  Osaka,  Japan 

Register  today  at 

www.cognos.com/reportnet/events. 


I 

I 


VOL.  17  •  NO.  1  •  OCTOBER  1,  2003 


SPECIAL  REPORT 


Risks.  The 


Rewards. 


The  Politics.  The  Infighting.  The 


Features 


SPECIAL  REPORT  I  WEB  SERVICES 
The  Standards 

The  Battle  for  Web  Services  I  54 

Everyone  wants  Web  services  standards.  CEOs  think  the  technol¬ 
ogy  will  create  new  opportunities.  CFOs  believe  it  will  save  mil¬ 
lions.  Vendors  see  a  pot  of  gold  at  the  end  of  the  Web  services 
rainbow.  And  CIOs  know  that  linking  to  customers  and  partners 
over  the  Internet  will  revolutionize  both  business  and  IT.  So  what’s 
the  holdup?  The  usual  suspects:  Politics.  Ego.  Suspicion.  Fear. 
Greed.  By  Christopher  Koch 

The  Early  Adopters 
Calculated  Risks  I  64 

Many  companies  are  jumping  in  to  Web  services  before  standards 
emerge.  Sure,  there  are  risks.  Here’s  how  some  early  adopters  are 
managing  them.  By  Elana  Varon 


POST-IMPLEMENTATION  AUDITS 
It  Ain’t  Over...Until  You  Do  the 
Post-Implementation  Audit  I  74 

Scrutinizing  every  aspect  of  a  finished  project  and  acting 
on  the  lessons  learned  can  be  controversial  and  difficult.  But 
post-implementation  audits  are  an  important  way  to  avoid 
repeating  costly  mistakes.  By  Meridith  Levinson 

LEADERSHIP 

The  Business  Education  of  Jan  Franklin  I  84 

Just  when  she  thought  she  knew  everything,  this  IT  veteran  spent 
some  time  on  the  business  side.  What  she  learned  there  prepared 
her  to  take  over  as  Farmers’  CIO  when  opportunity  knocked. 

By  Alice  Dragoon 

MORE  ►  ►► 


Players  in  the  Web  services  battle  (from  left  to  right): 
Kaiser  Permanente’s  Dave  Watson,  Sonic  Software’s 
David  Chappell,  Oasis’s  Patrick  Gannon,  Motorola’s 
Samir  Desai  and  the  U.S.  Navy’s  Monica  Shephard 


4 


CIO  OCTOBER  1,  2003  •  www.cio.com 


COVER  PHOTO  BY  ANDY  FREEBERG 


AT&T  Wireless  works. 


average 
20-40  Kbps 


Sprint  works  nearly  twice  as  fast. 


average 
50-70  Kbps 


Your  business  can  get  more  done,  faster,  in  more  places 
nationwide  with  the  Sprint  advanced  wireless  network. 


Compared  with  the  AT&T  Wireless  Next  Generation  network, 
Sprint  gives  you: 

•  Laptop  connections  nearly  twice  as  fast 

•  30%  larger  coverage  area 

•  35  million  more  people  covered 


All  of  this  and,  of  course,  clear  calls  on  the 
most  complete,  all-digital  wireless  network  in 
the  nation  to  make  your  business  more  effective 

Get  the  facts  at  www.sprintpcs.com  or  call  877-459-8144 
for  a  PCS  Business  Representative. 


PCS  Connection  Card.1'' 
Insert  it  in  a  laptop. 
Get  a  wireless 
connection. 


One  Sprint.  Many  Solutions?"* 

Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


Speed  claims  based  on  published  averages  from  each  carrier  and  other  information.  Realized  speeds  will  vary  based  on  devices,  tasks  and  other  factors.  Coverage  claims  based  on 
the  enhanced  Sprint  Nationwide  PCS  Network  (reaching  240  million  people)  and  the  AT&T  Wireless  National  Next  Generation  (GPRS)  network  and  coverage  included  with  available 
service  plans  excluding  roaming  areas.  Copyright  ©2003  Sprint  Spectrum  L.P.  All  rights  reserved.  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L.P 


Build  more  business  value  into  your  IT  investments 

With  mounting  profit  pressures  and  demands  for  cost  control,  every  investment  must  produce  rapid  and  predictable 
business  value.  As  the  world’s  third  largest  IT  company,  Fujitsu  can  show  you  how  to  improve  your  return  on  IT.  Our 
experienced  consultants  will  align  your  technology  with  your  business  strategy  for  improved  performance.  And  our 
enterprise  value  management,  application  outsourcing  and  IT  effectiveness  experience  can  help  maximize  the  value 
from  IT  while  reducing  total  IT  costs  up  to  30%  in  three  years.  Along  with  the  right  blueprint,  a  solid  infrastructure 
forms  the  foundation  for  business  effectiveness.  By  eliminating  “server  sprawlj’  our  exceptionally  reliable  and  scalable 
UNIX  servers  will  lower  TCO  and  improve  productivity.  For  free  white  papers  showing  how  to  maximize  your  Return 
On  IT,  visit  us.fuj itsu.com/ROIT.  Working  together,  we  can  accomplish  anything. 


, 


IT  Infrastructure  Solu" 
High-Availability  Servers 
-  Mission  Critical  Managed 
►  Resource  Optimization  S 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


us.fujitsu.com 


Columns 

PEER  TO  PEER 
Culture  Clash  I  40 

You  don’t  need  a  degree  in  anthropology 
to  negotiate  multicultural  IT  projects.  But 
as  this  IT  exec  discovered,  having  one  sure 
doesn’t  hurt.  By  Patricia  Ensworth 

THE  NEW  WORK  ORDER 
Putting  It  All  Together  Again  I  44 

Knowledge  worker  productivity:  your 
questions  answered.  By  Tom  Davenport 

REAL  VALUE 

Wanted:  Metric  Skeptics  I  50 

Accepting  vague  or  irrelevant  numbers  for 
project  value  can  lead  to  bad  IT  spending 
decisions.  By  Jack  Keen 

SOUND  OFF 

Should  Software  Vulnerabilities 
Be  Posted  Online?  I  92 

Readers  weigh  in  with  their  opinions  on 
this  thorny  issue.  By  Art  Jabnke 

FROM  THE  PUBLISHER 
Beware  of  the  Telephone  I  96 

Most  of  your  employees  think  hacks  origi¬ 
nate  via  a  computer.  According  to  Kevin 
Mitnick,  they’d  be  wrong.  By  Gary  Beach 


HOTSEAT  I  98 

Your  Guide 
to  Managing 

Secrets  to  Managing  Techies 

IT  employees  are  different.  Here’s  how  to 
lead  them.  By  Megan  Santosus 

Management  Report  I  102 

The  Loyalty  Lag:  10  ways  to  develop  the 
truly  loyal  employee. 

Leadership  Agenda  I  104 

The  M.I.A.  CIO:  Five  ways  to  regain  your 
focus — and  retain  your  job. 

By  Susan  H.  Gramm 


George  Lin,  CIO  of  Documentum,  requires  all  IT 
staffers  to  understand  business  processes  before 
they  can  talk  technology. 


Sections 

TRENDLINES  I  24 

Crazy  as  usual  for  California  CIO;  On 

the  West  Nile  virus  trail;  Looking  back  at 

vendor  consolidation.  And  more 

BY  THE  NUMBERS  I  28 

It’s  not  just  what  you  send,  it’s  what  you 

store  that  needs  encryption. 

ON  THE  MOVE  I  34 

CIOs  on  the  go — see  where  your 

IT  peers  are  working  now. 

PROFILE:  Dana  Deasy’s  easy  move  to 
troubled  Tyco  International. 


In  Every  Issue 

FROM  THE  EDITOR 
The  Greatest  Threat  to 
CIO  Success  I  16 

Here’s  how  to  be  more  effective  with  less 
resources.  By  Abbie  Lundberg 

INBOX  I  18 

Reader  feedback 

INDEX  I  110 

EXECUTIVE  SUMMARY  I  112 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


“Since  all  knowledge  workers  aren’t  alike,  we  need 
to  segment  them  into  categories  and  apply  IT 
approaches  differently  for  each  category.” 

-Tom  Davenport,  CIO  columnist,  on  knowledge  workers  Page  44 


8 


CIO  OCTOBER  1,  2003  •  www.cio.com 


All  those  who  want  more  wireless 

with  less  worry 


•  •• 


Technology  Risk 


SM 


Wireless  networks  offer  businesses  several  advantages.  Increased 
mobility,  design  flexibility,  lower  costs.  But  as  with  most  new 
technologies,  design  focuses  on  functionality  -  not  risk. 
Wireless  technologies  do  not  have  the  physical  access 
restrictions  used  in  traditional  wired  environments.  They  make 
it  possible  for  someone  in  the  lobby  or  across  the  street  to  have 
access  to  a  network  carrying  patient  or  employee  information, 
sensitive  corporate  data,  or  trade  secrets. 

Are  your  wireless  access  points  configured  with  adequate 
security?  Has  your  business  taken  steps  to  prevent  hackers 
from  exploiting  your  information?  Do  you  know  your 
vulnerabilities?  “War  driving.”  “Net  stumbling.”  “War  chalking.” 
“LAN  jacking.”  From  wireless  to  business  continuity, 
infrastructure  management  to  security  and  privacy,  Protiviti 
helps  you  identify,  measure  and  manage  the  technology  risks 
that  threaten  your  business  objectives.  That  way,  you  can 
manage  your  risks,  not  just  react  to  them. 


Protiviti  is  the  leader  in  independent  risk  consulting  and 
internal  audit  services.  We  provide  international  services  for 
established  and  emerging  companies  to  help  them  inde¬ 
pendently  identify,  measure  and  better  manage  risk.  Our  Big 
Four  experience  ensures  years  of  expertise  in  a  wide  range  of 
industries.  So  whether  your  challenge  is  reporting  accurate 
results,  maximizing  the  value  of  technology  or  adopting 
business  controls  you  can  trust,  Protiviti  delivers  quantifiable 
solutions  that  make  a  difference...  Are  you  ready  to  Say  i? 

For  more  information  visit  protiviti.com  or  call 
1.888.556.7420. 


^  Visit  KnowledgeLeader.com  today  for  a  free  30-day  trial. 

✓v  KnowledgeLeader.com  provides  exclusive  tools,  resources  and 
best  practices  to  help  internal  auditors  and  risk  professionals. 


©  2003  Protiviti  Inc.  E0E 


Business  Risk 


Technology  Risk 


pf  SAMSUNG  m\lall) 

•  everyone’s  invited™ 


S3;*;- 


Forbes  enjoys  clearer  vision  thanks  to  Samsung 


©2003  Samsung  Electronics  America,  Inc.  Screen  images  are  simulated. 


SyncMaster  192  r 


That’s  DigitAII  vision. 


Forbes 


How  do  you  become  the  nation’s  foremost  business  magazine?  With  unparalleled 
vision  and  absolute  clarity.  That’s  why  Forbes  chose  to  utilize  displays  from  Samsung 
—  the  world’s  leading  manufacturer  of  TFT-LCD  displays.  And  with  technology  like  the  new  SyncMaster 
192T,  the  tradition  of  excellence  continues  with  the  truest  color  reproduction,  sharpest  imaging  and  smartest 
overall  investment.  Together  with  Samsung,  there’s  an  even  brighter  future  for  publishing  and  beyond. 


Add  vision.  Add  possibility.  Add  Samsung. 


www.cio.com/printlinks 


LEARN  MORE 

Nailing  the  Post-Implementation  Audit 


Online  Exclusive 


What  you  don’t  know  can  hurt  you.  By  doing  a  post-impiementation  audit  (see  It  Ain’t  Over 
Until  You  Do  the  Post-Implementation  Audit,  Page  74),  you’ll  get  a  clear  picture  of  what  not 
to  do  next  time— and  solid  backup  to  prove  the  value  of  high-cost,  mission-critical  IT  invest¬ 
ments.  The  following  Web  exclusives  will  help  you  nail  down  doing  the  PI  A,  and  doing  it  right: 


Still  a  little  shaky 
on  just  how  Web 
services  works? 
Check  out  our  newly 
updated  interactive 
Flash  presentation, 
“Web  Services.” 


►  A  Business  Case  Process,  including 
sample  flow  chart  that  identities  key 
metrics  and  project  time  line 

►  A  PIA  Scorecard,  for  planning  the 
four-step  process 


►  A  PIA  Summary,  for  tracking  major  steps 

►  Also  look  for  informational  sidebars  on 
"How  to  Select  the  Right  Project  for  Your 
First  Post-Implementation  Audit"  and  “Doing 
It  Right:  Questions  to  Ask  During  an  Audit.” 


>Teatures 

from  October  1  to  October  15 

ASK  THE  SOURCE 

How  Does  One  Deploy 
Web  Services? 

According  to  Samir  Desai,  senior  vice  presi¬ 
dent  and  CIO  at  Motorola,  Web  services  is 
about  “the  throughput,  agility  and  cost- 
effectiveness  of  IT.  How  many  times  should  I 
code  a  credit  card  check?  With  Web  services 
the  answer  is  one.”  Motorola  has  committed 
to  the  enterprisewide  deployment  of  Web 
services  (see  Calculated  Risks,  Page  64). 

Quiz  Desai  on  his  experiences  with  Web 
services  through  Oct.  15.  Go  to  www2.cio.com/ask/source. 

ADD  A  COMMENT 

Web  Services:  The  Next  New  Thing  or  the  Newest  Headache? 

If  the  vendors  can’t  agree  on  the  standards,  maybe  it  doesn’t  make  sense  for  you  to  launch  into 
Web  services  just  yet.  (See  The  Battle  for  Web  Services,  Page  54.)  Or  maybe  this  is  the  time  to 
get  the  jump  on  the  competition.  What’s  your  take?  Go  to  the  online  version  of  this  article  to 
Add  a  Comment— and  read  what  your  peers  are  thinking. 


mmmm 


Peer  Resources 

More  Takes  on  Web 
Services 

» If  Web  services  ever  gets  its 
various  acts  together  (see  The 
Battle  for  Web  Services,  Page  54), 
it’s  just  possible  that  the  end  user 
could  be  responsible  for  his  own 
applications.  Where  does  that  leave 
the  IS  department?  CIO's  sister 
site  Darwinmag.com  thinks  that 
might  mean  we  don’t  need  IS 
anymore.  Read  Are  You  Ready  for 
the  IT-Savvy  Company?  on 
www.  darwinmag.  com . 

»  Even  though  organizations  such 
as  Motorola  and  the  Navy  are 
plunging  ahead  with  Web  services 
(see  Calculated  Risks,  Page  64), 
they’re  all  going  to  have  to  deal  with 
the  technology’s  avowed  lack  of 
security.  CIO's  sister  publication 
CSO  magazine  offers  some  tips  for 
Web  services  pest  control  in  How  to 
Rope  in  Rowdy  Technologies.  Find 
the  story  at  www.csoonline.com. 


« 

t 


12  CIO  OCTOBER  1,  2003 


www.cio.com 


PHOTO  BY  JEFF  SCIORTINO 


$*4-  & « 

M  A- 

'  ■  ^6..  n  V*-  .1 


»>l.h.?iTiP 


';(^s 

Kli  »Mii 

*--•••  >  ||  -«'M  fat 

J  ; 

jg;{S»,J  •*!>-» 

?  '  -..,w  , 

ME 

a  W~TjjWD^ 

PS  J  ^  Vi 

Tony  Menezes,  IBM  facilitator  of  open  practices,  financial  industry 


Open  standards  and 
the  taming  of  the  screw. 


In  1864,  a  bolt  or  screw  made  in  one  machine  shop  wouldn’t  fit  a  nut  made 
in  another  machine  shop.  Everything  was  proprietary.  In  short,  a  mess. 

Until  William  Sellers  proposed  a  standard,  uniform  screw.  So  one  part 
could  be  made  down  the  street,  and  another  made  across  town,  and 
assembly  could  happen  anywhere.  Everything  worked  together. 

Apply  that  same  logic  to  IT  and  you  arrive  at  open  standards  like  Linux? 
Universal,  open  “languages”  that  let  everything  IT  talk  to  everything 
else  IT.  Vendors,  systems,  partners  —  anyone  —  can  be  plugged  into  or 
unplugged  from  the  open  standards  “pegboard.”  Open  standards  is 
also  the  antidote  to  being  locked  into  the  high  costs  of  any  one  vendor. 

The  business  results?  Speed,  responsiveness,  flexibility,  readiness. 

Open  standards.  The  unifying  thread  behind  on  demand  business. 

On  demand  business  starts  with  on  demand  thinking. 

IBM  is  home  to  thousands  of  people  who  live  and  breathe  Linux. 

Specialists  who  can  bring  open  standards  (and  all  its  benefits)  to  just 
about  every  industry.  Our  IT  expertise,  coupled  with  deep  business 
know-how,  can  deliver  real  change  across  your  company.  On  demand 
business.  Get  there  with  on  demand  people.  Call  800  IBM  7080  (ask 
for  thinking)  or  visit  ibm.com/services/thinking 

Can  you  see  it? 


IM  and  the  IBM  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds. 
2003  IBM  Corp.  All  rights  reserved. 


From  the  Editor 

lundberg@cio.com 


The  discussion  on  strategic 
planning  and  alignment  that 
I  had  with  members  of  CIO’s 
Best  Practice  Exchange  is 
just  one  of  many  taking 
place  every  day.  For  more 
information  on  the  Best 
Practice  Exchange,  our 
member-only  online 
networking  forum,  visit 
exchange.cio.com. 


The  Greatest  Threat 
to  CIO  Success 


RIGHT  NOW,  CIOs  ARE  STUCK  between  a  rock 
and  a  hard  place.  On  one  side,  there  is  growing 
demand  for  new  IT  capabilities  and  high  expecta¬ 
tions  for  payoff.  On  the  other,  there  are  greatly 
constrained  resources.  This  will  pose  the  single 
greatest  threat  to  CIO  effectiveness  in  the  next  year 
and  a  half,  and  there’s  only  one  way  out:  better 
strategic  planning  and  business  alignment. 

In  a  recent  CIO.com  poll,  we  asked  visitors  if 
they  were  experiencing  an  increase  in  IT  requests 
from  the  business  side.  Of  405  respondents,  78  per¬ 
cent  said  the  number  of  requests  is  increasing.  And 
32  percent  said  the  quality  of  the  requests  is  improv¬ 
ing  (better  spec’ed  out,  higher-value  projects). 

If  IT  budgets  were  increasing  by  double  digits,  as 
was  common  in  the  late  ’90s,  that  might  not  be  a 
problem.  When  money  flowed  freely,  as  long  as 
the  IT  organization  was  aligned  with  what  the  busi¬ 
ness  needed  and  delivered  it  well,  the  CIO  was  con¬ 
sidered  successful. 

That  type  of  alignment  is  a  recipe  for  disaster 
for  CIOs  today.  When  IT  tries  to  please  each  and 
every  business  unit  leader,  each  and  every  function 
head,  and  those  people  have  competing  priorities, 
there’s  no  way  to  win.  With  resources  as  limited 
as  they  are  today,  you  wind  up  with  a  scene  from 
Gladiator ,  with  the  CIO  stuck  in  the  middle  of  a 
very  bloody  battle. 

I  recently  asked  members  of  CIO’s  Best  Practice 
Exchange  to  describe  the  most  effective  thing  they 


were  doing  to  manage  this  problem.  To  a  person, 
the  answer  was  better  strategic  planning  and  align¬ 
ment  in  the  business,  and  better  governance  of  IT. 

The  only  way  to  be  successful  when  the  number 
of  high-value  business  initiatives  (IT  enabled  or  oth¬ 
erwise)  greatly  exceeds  the  resources  available  to 
deliver  them  is  to  get  all  the  business  stakeholders  to 
agree  on  what  is  most  important,  and  then  to  agree 
on  how  things  should  be  prioritized.  That  takes  a 
cohesive  executive  group  and  some  very  sophisti¬ 
cated,  well-running  governance  mechanisms. 

The  challenge  in  this  for  CIOs  is  that,  in  most 
companies,  this  isn’t  happening,  and  the  CIO  who 
identifies  the  problem/solution  ends  up  in  a  new 
high-profile  role  of  leading  the  business  to  priori¬ 
tize,  define  and  communicate  goals  for  the  entire 
enterprise — not  just  for  any  one  business  unit  or 
function,  and  not  just  for  IT.  Second  only  to  the 
CEO,  CIOs  are  uniquely  positioned  to  view  the 
business  in  this  cross-functional,  process-oriented, 
holistic  way.  Second  to  no  one,  they  are  uniquely 
positioned  to  think  about  and  lead  discussions  on 
IT-enabled  strategy  and  process  change.  Think  this 
is  a  stretch?  I’ve  talked  with  two  CIOs  in  the  past 
month  who  are  writing  their  companies’  five-year 
strategic  plans. 

Do  you  agree  that  this  growing  imbalance 
between  demand  and  resources  poses  the  greatest 
threat  to  your  effectiveness?  What  about  this  new 
alignment?  Drop  me  a  line  and  let  me  know. 


1  6 


OCTOBER  1,  2003  •  www.cio.com 


CIO 


PHOTO  BY  JASON  GROW/SABA 


©2003  Opsware  Incorporated.  All  Rights  Reserved. 


EDS  EXPECTS  $100,000,000  IN 
PRODUCTIVITY  SAVINGS. 


YOU  CAN  TOO. 


Using  Opsware,  EDS  is  automating  more  than  15,000 
servers  worldwide.  And  only  EDS  Automated  Hosting 
offers  clients  a  100%  uptime  guarantee. 

It’s  here.  Truly  automated  IT. 

Go  to 


www.opsware.com/automatelT 


OPSWARE  INC 

^  Automating  IT” 


InBox 

Reader  Feedback 


I.T.  WILL  DRIVE  THE  FUTURE 

I  enjoyed  your  interview  with  economist  W.  Brian  Arthur  [“IT  Reloaded,”  July  15, 2003] 
and  understand  and  agree  with  what  he  says  regarding  CIOs  becoming  ever  more  central 
to  the  success  of  companies  that  themselves  are  relying  more  on  technology.  Indeed,  those 
corporations  are  finding  entirely  new  paths  open  to  them,  thanks  to  technology. 

However,  I  confess  to  wondering  just  how  much  real  growth  is  still  possible,  given  the  other 
impact  of  technology.  It  seems  to  me  that  our  society  is  in  for  a  sea  change  insofar  as  our  ability 
to  support  ourselves  with  work  in  the  traditional  manner.  We  still  live  in  a  culture  where  not 
having  a  job  (and  not  “being  productive”)  is  frowned  upon;  most  people  in  the  United  States 
feel  shame  if  they  are  forced  into  an  out-of-work  situation.  However,  technology  in  many  forms 
has  taken  away  the  need  to  employ  as  many  people  to  accomplish  the  same  tasks. 


To  use  Arthur’s  example,  the  railroads 
surely  did  allow  for  Chicago  to  become 
the  capital  of  the  U.S.  beef  industry,  but 
did  they  not  also  eliminate  the  need  for 
countless  local  butchers  and  cowboys? 
Or  farming — in  1900,  the  census  showed 
the  U.S.  population  was  76  million  peo¬ 


ple,  with  about  30  percent  of  them  work¬ 
ing  on  farms.  Today,  less  than  2  percent 
of  a  total  population  of  281  million  work 
on  farms  in  America,  thanks  to  tractors 
and  pesticides  and  genetic  alteration. 

There  are  other  more  techy  exam¬ 
ples — bank  tellers  displaced  by  ATMs, 
telephone  operators  by  ESS  switches,  pro¬ 
grammers  by  offshore  counterparts  who, 
thanks  to  telecommunications,  can  deliver 
the  same  work  results  for  less  cost. 

My  point  is,  we  are  still  producing 
enough  food  (even  surplus),  getting  our 
banking  transactions  and  phone  calls 


completed,  and  so  on.  The  tasks  them¬ 
selves  are  being  accomplished,  just  with 
fewer  people  (or  fewer  people  in  the 
United  States)  involved. 

But  what  happens  to  those  who  would 
like  to  work  but  can’t  find  jobs? 

I  remember  a  sci-fi  story  called  “The 
Marching  Morons,”  written  in  the  ’50s. 
The  protagonist  (who  had  been  frozen 
and  then  thawed  200  years  in  the  future) 
discovered  a  world  where  a  minority  of 
people  did  productive  work;  the  rest  of 
the  population  went  to  work  every 
day  unaware  their  efforts  did  not 
accomplish  anything.  The  minority 
set  up  “busy  work”  so  that  the 
masses  would  feel  as  if  they  were  con¬ 
tributing  members  of  society. 

That  story  comes  to  mind  as  I  observe 
what  we  are  experiencing  as  a  society. 
Bob  Fately,  Vice  President,  Third  Wave 
Van  Nuys,  Calif. 

Economist  W.  Brian  Arthur  Responds: 
With  the  steady  increase  of  productivity 
coming  mainly  from  IT,  more  work  is 
indeed  being  done  with  fewer  workers. 
I’m  an  optimist  about  the  potential  of  IT 
and  of  the  U.S.  economy  in  general.  But 
the  fly  in  this  very  good  ointment  is  the 
steady  migration  of  jobs  offshore  and  a 


prospect  that  jobs  will  recover  last  in  this 
economy,  if  at  all. 

I  believe  continued  cutting-edge  tech¬ 
nology  will  create  new  industries  to  off¬ 
set  the  losses  in  the  old:  witness  genomics, 
smart  materials,  new  pharms,  nanotech. 
But  these  are  some  way  off.  I  hope  that 
the  United  States  will  take  a  cue  from 
Europe  and  shorten  the  workweek.  This 
means  making  it  cheap  by  every  possible 
means  for  businesses  to  hire  labor.  But 
failing  that,  we  could  see  a  situation  here 
of  combined  prosperity  and  joblessness. 

I’ve  been  noticing  that  underneath  the 
bad  economic  data,  businesses  large  and 
small  have  been  gradually  absorbing  the 
new  technology.  It  has  simply  taken  time 
to  absorb,  but  the  growth  is  inexorable. 

Arthur,  whom  I  consider  one  of  the 
smartest  people  around,  has  confirmed 
my  hunches  with  historical  insights.  IT  is 
indeed  the  wedge  that  will  drive  the 
future,  although  like  any  wedge,  it  takes 
many  thrusts  before  its  work  is  done. 

Paul  Arveson 
Balanced  Scorecard  Institute 

CORRECTION 

An  item  in  the  Sept.  1,  2003,  “On  The 
Move”  column  erroneously  referred  to 
Lucent  Technologies’  financial  situation. 
The  company  has  not  declared  bank¬ 
ruptcy.  CIO  regrets  the  error. 


WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letters@cio.com.  Letters  may  be 
edited  for  length  or  clarity.  Lor  a 
link  to  the  article  mentioned,  go  to 
www.cio.com/printlinks. 


18  CIO  OCTOBER  1,  2003  •  www.cio.com 


j jrr  •  •  •  • ' 

raS#*: 

.v.lsw.‘. 


»•••••••••••••••••••  •  •  •  •  • 

••••••••••••••••••••••••« 

»••••••••••••••••••••••••« 

•••••••••••••••••••••••••» 

»•••••••••••••••••••••••••. 

••••••••••••••••••••••••«• 

•••«••••••«••••••••••••••  •  • 

i  •••••••••••••••••••«••••• 

(•••••••••••••••••••••a****** 

•  •••••••••••••aaaaaaaaaaaaa** 

(•••••••••••••••••••aaaaaaaa*  . 

•  •  ••••••••••••••••a*aa#aa«aaa 

(••••••••••••••••••aaaaaaaaa*  a 

•  ••••••••••••••••aaaaaaaaaaaa* 

(••••••••••••••••••aaaaaaaaaa*  • 

•  ••••••••••••••••••aaaaaaaaaa  a 

»■_••••  •  •  •  •  a  •  •••••••••••••••••* 

I  ■•••••••••  •.•.»•••  ••••••••••••a 

•••••••••••••aaaaaaaaaaaa 

•  ••••••••••••••aa*a***«*aa 

•  ••••••••••••••••••a*«**«a 


Jib  i 

II  •  *  •  •  •  •  •  •  •  •  *  •  ••aaaaa*««a 

'••  •_■_■_•  •■_•••  •••••••••••aaa***aa 


cc 


Deploying  our  ERP  application 
on  our  tight  deadline  would 
have  been  impossible.  With 
Citrix,  we  not  only  made  our 
deadline,  we  also  drastically 
reduced  our  deployment  costs.” 

Curtis  Robb,  CIO 

Delta  Air  Lines,  Inc. 


INFRASTRUCTURE  FOR  THE  ON-DEMAND  ENTERPRISE 

In  the  airline  business,  being  on  time  is  everything. 
And  for  Delta  Air  Lines,  their  ERP  deployment  was 
no  exception.  But  with  12,400  individual  desktops 
to  manage,  they  needed  a  faster  route  to  meet  their 
deadline.  So  they  turned  to  Citrix  for  a  simplified 
and  more  cost-effective  solution.  Not  surprising, 
considering  that  99%  of  the  Fortune  500  use  Citrix® 
software  to  deploy  applications  centrally  for  secure, 
easy,  and  instant  access  to  business-critical  information 
-  anywhere,  anytime,  from  any  device.  We  call  it 
the  on-demand  enterprise.  And  it’s  helping  more 
than  120,000  of  our  customers  save  money  and 
reduce  IT  complexity.  To  learn  what  it  can  do  for 
your  business,  visit  www.citrix.com. 


CiTRIX 


©2003  Citnx  Systems,  Inc.  All  rights  reserved.  Citnx  is  a  registered  trademark  of  Citrix  Systems.  Inc.  in  the  U.S.  and  other  countries.  All  other  trademarks 
and  registered  trademarks  are  the  property  of  their  respective  owners.  Delta  and  Delta  Air  lanes  are  registered  trademarks  of  Delta  Corporate  Identity,  Inc. 


I  AM  A  CISCO  7960G 
IP  PHONE. 


I  AM  MORE  TALK 
AND  LESS  WALK. 

I  HAVE  MORE  WAYS  OF  GETTING  PEOPLE  TALKING.  BUT  I  AM 
NOT  ALL  TALK.  I  AM  VOICE  AND  DATA,  BOTH  ON  THE  SAME  TEAM. 

I  HAVE  THE  POWER  TO  PUNCH  TIME  CLOCKS,  LISTEN  TO  EMAIL 
AND  SCHEDULE  APPOINTMENTS.  I  HAVE  THE  POWER  TO  SAVE 
VALUABLE  MILEAGE  ON  OFFICE  MOVES  AND  I.T.  STAFF  SHOES. 

I  AM  A  SECURE,  PINT-SIZED  PRODUCTIVITY  EXPERT  THAT  DELIVERS 
SUPER-SIZED  ROI.  I  AM  MORE  THAN  A  CISCO  7960G  IP  PHONE. 


THIS  IS  THE  POWER  OF  THE  NETWORK.  IIOW. 


cisco.com/convergencenow 


Cisco  Systems 


t-2003  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco  7960G,  Cisco,  Cisco  Systems  and  the  Cisco  Systems  logo  are  registered  trademarks  or  trademarks  of  Cisco  Systems,  Inc  and/or  its  affilia 
in  the  U.S.  and  certain  other  countries.  All  other  trademarks  mentioned  in  this  document  or  Web  site  are  the  property  of  their  respective  owners.  The  use  of  the  word  partner  does  not  impl 

partnership  relationship  between  Cisco  and  any  other  company. 


The  Resource  for  Information  Executives 


President  Walter  Manninen 
Publisher  Gary  J.  Beach 

Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Deputy  Editor  Richard  Pastore 

Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Alison  Bass,  Michael  Goldberg, 
Christopher  Koch  (Investigations) 

Leadership  and  Management  Editor  Edward  Prewitt, 
Opinion  and  Knowledge  Management  Editor  Megan 
Santosus,  Research  Editor  Lorraine  Cosgrove  Ware, 
Special  Projects  Editor  Mindy  Blodgett,  Technology 

Editor  Christopher  Lindquist 

Senior  Editors  Scott  Berinato,  Todd  Datz, 

Alice  Dragoon,  Elana  Varan  (B2B  E-Commerce) 

Features  Editor  Late  Low 

Senior  Writers  Meridith  Levinson  (B2C  E-Commerce), 
Stephanie  Overby,  Sarah  D.  Scalet  (Security  and  Privacy) 

Staff  Writer  Ben  Worthen 
Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Copy  Editors  Kelli  A.  Gauthier  (Assoc.), 

Emily  S.  Henderson,  Sarah  Johnson  (Assoc.) 

Special  Projects  Manager  Lynne  Z.  Rigolini 
Editorial  Resource  Manager  Carol  Zarrow 
Editorial  Assistant  Daniel  J.  Horgan 

Contributors  Stacy  Cowley,  Susan  H,  Cramm, 

Tom  Davenport,  Alan  R.  Earls,  Patricia  Ensworth, 

Jack  Keen,  Robert  McMillan,  Nancy  Weil 

Editorial  Operations  Specialist  Julie  Hanson 


How  to  Reach  Us 

E-mail  letters@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CX0  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/oniine_beats2.html 

Subscriber  Services  866  354-1125,  Fax  847  564-9453, 
E-mail  cio@omeda.com 

Reprint  Services  Chad  Johnston  •  651  582-3800, 

E-mail  cioreprints@rsicopyright.com  (500  quantity  or  more) 

Rights  and  Permission  Andrew  Burrell  •  508  935-4785, 
E-mail  aburrell@cxo.com 


DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 
Art  Directors  Hana  Barker,  Terri  Haas,  Lisa  Munroe 
Associate  Art  Director  Owen  Edwards 
Senior  Designers  Kaajal  S.  Asher,  George  Lee 
Designer  Alberto  Capolino 
Design  Operations  Specialist  Rachel  Barnett 

ONLINE  EDITORIAL 

Web  Editorial  Director  Art  Jahnke 
Consulting  Editor  Janice  Brand 
Web  Editor  Sandy  Kendall 
Web  Writer  Jon  Surmacz 

ONLINE  &  INFORMATION  SYSTEMS 

Chief  Information  Officer  Mark  Hall 

Online 

Senior  VP/General  Manager,  Online  Tim  Horgan 
Director,  CIO  Best  Practice  Exchange  Martha  Heller 

Program  Manager,  CIO  Best  Practice  Exchange 

Sari  Kalin 

Operations  Asst.,  CIO  Best  Practice  Exchange  Lisa  Byron 
Online  Technology  Director  Dagmar  Eiben 
Senior  Web  Developer  Ellen  Morey 
Director  of  Online  Research  Kathleen  Kotwica 
E-Commerce  Manager  Andrew  Burrell 
Web  Developers  Diane  Chen.  Shannon  Macdonald 
Online  Content  Researcher  Tara  Gillet-Liloia 
Designer  Graham  White 

Information  Systems 

Infrastructure  Manager  James  C.  Burgoyne 

User  Services  Manager  Ron  Bettencourt 

Senior  User  Services  Specialists  Jonathan  Frappier, 
Michael  Fahlsing 

System  Administrator  Robert  Reagan 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Circulation  Director  Faith  Marcello 
Subscription  Svcs.  Supervisor  Tina  Pescara 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Senior  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

EP  Senior  Vice  President  Jennifer  Richards 
Conference  Management  Vice  President  Cynthia  Mollus 
Marketing  Services  Director  Shellie  Rapson  James 


Business  Development  VP  John  Amato 
Program  Operations  Manager  Brian  Fuce 
Marketing  Manager  Glede  Kabongo 
Marketing  Services  Coordinator  Andrea  Slobogan 
Event  Development  Specialist  Sandra  J.  Hughey 
Operations  Coordinator  Michael  Barbato 
Event  Planning  Manager  Amy  Turell 
Senior  Customer  Services  Coordinator  Sarah  Yee 

MARKETING 

Executive  VP/Marketing  Cathy  O'Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
News  and  Information  Associate  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 
Marketing  Research  Manager  Carolyn  Johnson 
Sr.  Marketing  Research  Analyst  Dylan  DiGregorio 
Marketing  Comm.  Director  Sue  Yanovitch 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Marketing  Comm.  Associate  Sarah  Crowley 

ADMINISTRATION 

Manager  of  Finance  Margarita  Chiango 
Finance  and  Operations  Analyst  Chris  Bernardi 
Executive  Assistant  to  the  President  Diane  Martin 
Billing  Administrator  Joyce  Gillis 
Facilities  Specialist  John  Kelley 
Office  Services  Coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

Human  Resources  Vice  President  Patricia  Chisholm 
Human  Resources  Manager  Tanya  Bureau 
Human  Resources  Representative  Beth  S.  Ramistella 

FOUNDER 

Joseph  L.  Levy 


INTERNATIONAL  DATA  GROUP 


CEO  Pat  Kenealy 

Board  Chairman  Patrick  J.  McGovern 


wbpa 

▼  INTERNATIONAL* 

©  CXO  Media  Inc. 


2  2  CIO  OCTOBER  1,  2003 


www. cio.com 


New  York  Institute  of  Technology’s  fiber  optic  network  is 
one  of  the  fastest  on  the  East  Coast.  To  make  the  most  of  it, 
NYIT  graduated  to  Xerox  multi-function  technology. 

There’s  a  new  way  to  look  at  it. 


Learn  more:  wiAiw.xerox.com/learn  For  a  sales  rep:  1-800-ASK-XEROX  ext.  LEARN 

©  2003  XEROX  CORPORATION.  All  rights  reserved.  XEROX”  The  Document  Company*  and  There's  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION. 


THE  DOCUMENT  COMPANY 

XEROX 


the  NEWrheHOTtheUNEXPECTE  D 


Edited  by  Michael  Goldberg 


PUBLIC 


SECTOR 


I  .  T  . 


Crazy  as  Usual 
for  California  CIO 


California  CIO  J.  Clark  Kelso 
says  state  agencies  forced 
to  draw  up  plans  for  20  per¬ 
cent  budget  cuts  will  find 
themselves  relying  more  on 
IT  to  support  core  services. 


IMAGINE  A  TYPICAL  DAY  in  the  life  of 
California  CIO  J.  Clark  Kelso. 

The  state  department  of  IT  that  Gov. 
Gray  Davis  picked  him  to  clean  up?  Dis¬ 
banded.  The  state’s  budget?  A  $100  billion 
mess,  balanced  through  billions  in  borrow¬ 
ing,  slashed  spending  and  new  fees.  And  his 
job  security?  As  far  as  Kelso  knows,  Arnold 
Schwarzenegger  soon  could  be  his  new  boss, 
thanks  to  a  free-for-all  gubernatorial  recall 
vote  set  for  Oct.  7.  And  that’s  if  the  new 
governor  keeps  him  on.  (Adding  to  the 
chaos:  On  Sept.  15,  a  court  ordered  the  vote 
delayed  until  March.) 

But  Kelso,  a  Sacramento  insider  with  a 
reputation  for  turning  around  departments 


in  turmoil,  says  it’s  all  just  politics  as  usual. 
“The  mass  media  coverage  is  all  about  what 
a  circus  it  is  out  here,”  says  Kelso,  a  McGe- 
orge  Law  School  professor  who  has  helped 
revive  the  state’s  earthquake  relief  agency 
and  insurance  commission.  “On  the  inside, 
you  don’t  have  the  sense  that  the  govern¬ 
ment  is  in  utter  chaos.” 

Crisis  is  a  better  word  for  California’s 
administration,  a  situation  that  extends  to 
IT.  Aside  from  the  state’s  first-ever  recall 
election,  California  must  shore  up  its 
finances  against  another  mammoth  budget 
deficit  next  year  (the  deficit  hit  $38.2  bil¬ 
lion  this  year  before  a  July  budget  deal). 

In  the  midst  of  this,  Kelso  tries  to  move 


ahead  with  his  IT  agenda  designed  to  cut 
costs  without  hurting  services.  He’s  drafting  a 
data  center  consolidation  plan  due  Dec.  1,  to 
implement  in  2004.  His  administration  is 
overseeing  an  $800  million  contract  for  IBM 
and  other  vendors  to  build  a  new  system  to 
administer  child  support  payments.  And  since 
he  became  CIO  in  2002,  Kelso  has  been  pur¬ 
suing  a  statewide  initiative  to  cut  costs  by 
improving  interagency  collaboration  on  the 
state’s  MyCalifomia  Portal  ( unmv.my.ca.gov ). 
(For  more  about  Kelso’s  goals  on  the  portal, 
see  “Dire  States,”  unvw.cio.com/prmtlinks.) 

Guiding  his  actions,  Kelso  says,  is  restor¬ 
ing  stability  to  the  state  budget,  a  factor  that 

Continued  on  Page  26 


CALL 


CENTERS 


Dial  C  for  Customer 

PITY  THE  POOR  TELEMARKETERS.  Starting  today, 
these  companies  that  would  normally  use  computers 
to  dial  the  masses  instead  must  avoid  connecting  to 
one  of  30  million  telephone  numbers  listed  in  the 
Federal  Trade  Commission’s  National  Do  Not  Call 
Registry.  Violators  risk  fines.  So,  it  would  appear,  you  dine  in  peace. 

Well,  not  exactly.  Telemarketers  have  been  investing  in  CRM  and 
other  applications  to  help  them  navigate  the  list  of  government  rules 
so  that  they  can  connect  with  eligible  consumers.  (For  example,  a 
company  may  contact  customers  for  18  months  after  a  purchase.) 

Aegis  Communications  Group,  an  outsourcer  that  operates 
12  telemarketing  and  customer  service  call  centers,  has  spent 
$1.8  million  since  2000  to  replace  its  homegrown  software  with 


9 


PeopleSoft  applications.  Aegis 
plans  to  convert  half  of  its  5,100 
agents  to  the  software  by  next  year. 
Gaye  Weinberger,  senior  vice 
president  of  business  requirements, 
says  the  investments  will  make  Aegis  com¬ 
pliant  with  the  Do  Not  Call  list  and  trickier-to- 
manage  rules,  such  as  limits  on  the  use  of  automated 
dialing  software.  Aegis,  which  saw  its  revenue  cut  by 
almost  half  between  2000  and  2002  (when  it  hit  $135.9  million), 
wants  to  use  the  systems  to  better  analyze  data  about  existing  and 
potential  customers. 

The  Direct  Marketing  Association,  which  is  battling  the  Do  Not 
Call  rules  in  court,  expects  more  efforts  like  this,  says  spokesman 
Jim  Conway.  “A  common  thread  running  through  the  preparations 
of  our  members  is  the  realization  of  the  increased  value  of  the 
[existing]  customer  relationship,”  he  says.  -Stacy  Cowley 


2  4 


CIO  OCTOBER  1,  2003 


www.cio.com 


ILLUSTRATION  BY  DAN  PICASSO 


Seeing  is  believing. 

Finally,  there's  a  system  that  delivers  the  information  you  need,  when  you 
need  it  for  better  IT  business  decisions.  Blazent  software  automatically  and 
continuously  analyzes  your  enterprise-wide  IT  assets  and  resources,  telling  you  exactly  what  you  have 
and  how  much  -  or  how  little  -  it's  utilized.  Best  of  all,  Blazent  intelligence  reports  clearly  identify 
how  you  can  optimize  the  financial  performance  of  your  IT  infrastructure.  To  learn  more  about  Blazent 
IT  intelligence  software,  visit  www.Blazent.com.  Information  you  Can  act  On. 


See  your  own  IT  savings  and  believe  it! 

Call  650.286.5500  to  know  if  you  qualify  for  a  free 
30-day  optimization  assessment. 

©2003  Blazent,  Inc.  Blazent  and  the  Blazent  logo  are  trademarks  of  Blazent,  Inc. 


□ BLAZENT 

REAL-TIME  IT  INTELLIGENCE 


' 


California  CIO 

Continued  from  Page  24 

will  affect  strategic  IT  decisions  for  years  and  force  depart¬ 
ments  to  focus  on  their  essential  needs.  “We  need  all  depart¬ 
ments  to  go  back  and  ask  themselves,  ‘Alright,  given  a  15, 
20  or  30  percent  reduction  over  a  two-  or  three-year  period, 
what  do  we  really  think  are  the  core  business  operations 
that  we  should  be  performing?’” 

Ironically,  Kelso  expects  this  kind  of  scrutiny  to  cause 
some  departments  to  save  money  by  increasing,  rather 
than  decreasing,  their  dependence  on  IT. 

A  case  in  point  is  Kelso’s  plan  to  consolidate  California’s 
two  data  centers  in  Sacramento  and  Rancho  Cordova. 
“We’re  not  sure  whether  those  data  centers  will  actually 
have  less  business  to  do  or  more  business  to  do,”  says 
Kelso.  Departments  may  see  the  move  to  one  consolidated 
data  center  as  a  way  of  automating  manual  processes,  or 
of  simply  consolidating  IT  services — e-mail  or  Web  servers, 
for  example — that  are  now  handled  at  the  departmental 
level,  he  says.  It  also  could  be  that  the  data  centers  remain 
in  two  locations  but  under  a  unified  management  team. 

Whatever  the  outcome  of  Kelso’s  IT  projects,  observers 
say  conditions  couldn’t  get  much  worse  for  a  state  which 
sells  debt  notes  rated  one  notch  above  junk  bonds.  Any 
successes  Kelso  can  show  could  help  California  bargain  for 
lower  debt  payments,  says  Carol  Kelly,  a  vice  president  of 
government  strategies  with  Meta  Group.  That’s,  of  course, 
assuming  Kelso  gets  to  keep  his  job.  -Robert  McMillan 


trendlines 


Recalling  Florida 


REMEMBER  FLORIDA  IN  2000? 


The  outdated  voting  machines  and 
disputed  election  results?  The 
American  Civil  Liberties  Union 
(ACLU)  of  Southern  California 
does,  and  it  has  sued  to  block 


California’s  recall  election  slated 
for  Oct.  7,  until  the  state  replaces  its 
punched-card  voting  systems. 

On  Aug,  20,  a  federal  judge 
rejected  the  request.  Though 
California  is  under  a  court  order  to 
modernize  its  voting  systems  by 
March  2004,  the  recall  election 
takes  precedence.  Voters  will  choose 
whether  to  recall  Gov.  Gray  Davis, 
and  if  yes,  then  pick  from  a  list  of 
135  candidates  to  succeed  him. 

The  ACLU  of  Southern  California 
won  an  appeal  after  arguing  that 
the  old  methods  would  be  unfair 
to  voters  in  urban  areas  such  as 
Los  Angeles.  On  Sept.  15,  a  court 
said  the  election  should  wait  until 
March,  after  new  machines  are 
installed.  Even  in  places  where 
new  technology  has  replaced  old, 
people  are  worried.  Orange 


County  officials,  who  installed  a 
$26.1  million  electronic  voting 
system,  say  they’d  like  more  time 
to  train  poll  workers.  They  may  rely 
on  older  ballots  to  do  the  job. 

In  spite  of  this  uncertainty, 

Doug  Chapin,  director  of  nonparti¬ 
san  election  reform  website 
Electionline.org,  says  the  recall 
balloting  will  offer  a  good  test  of 
some  new  systems  before  the 
2004  elections.  Shasta  County,  for 
example,  will  be  implementing 
touch  screen  voting  for  the  first 
time  this  month.  “The  experience 
of  counties  like  Shasta  could 
provide  a  lot  of  lessons— good  or 
bad,  depending  on  the  outcome— 
for  other  counties  considering 
last-minute  changes  next  year,” 
Chapin  says.  -Stephanie  Overby 


PUBLIC  HEALTH 

On  the  West  NileVirusTrail 


IN  SOUTHERN  ONTARIO,  West  Nile  virus 
trackers  with  the  Hastings  and  Prince 
Edward  counties’  health  unit  have  more  than 
373,000  square  miles  to  cover.  Their  job: 
look  for  dead  birds  that  might  harbor  the 
potentially  fatal  mosquito-bom  disease  and 
check  standing  water  for  mosquitoes  and 
larvae.  Then  warn  the  public  about  where 
the  virus  has  been  detected  and  urge  people 
to  take  precautions,  such  as  wearing  pants 
and  long  sleeves  and  using  insect  repellent. 

Since  April,  the  17  inspectors  of  the  West 
Nile  virus  surveillance  program  have  been 
collecting  data  (date,  time,  GPS  coordinates 
for  field  sites,  information  about  birds, 


mosquitoes  and  larvae)  using  a  PDA  appli¬ 
cation  designed  for  the  task.  The  applica¬ 
tion,  Assur  H&S  (health  and  safety),  is  from 
Calgary,  Alberta-based  vendor  Carmina 
Technologies,  which  specializes  in  pest  con¬ 
trol  and  disease  monitoring  systems.  It  is 
designed  for  PDAs  and  has  been  easy  for 
county  inspectors  to  use,  says  Glen  Hudgin, 
the  agency’s  director  of  public  health  inspec¬ 
tion.  Users  synchronize  the  PDAs  with  com¬ 
puters  at  the  office  to  analyze  data  collected. 

Standalone  software  applications  for 
PDAs  “are  fantastic.  With  an  application 
like  this,  I  imagine  you  could  train  some¬ 
body  in  an  hour  or  less,”  says  David  Shiple, 


a  Forrester  Research  analyst. 

West  Nile  threatens  much  of  North 
America  until  the  first  hard  frost  occurs 
(usually  October  in  Ontario).  As  of  Aug. 
28,  Canada  confirmed  nine  West  Nile  cases, 
while  the  United  States  reported  1,482 
human  cases  in  34  states,  with  24  deaths. 
Hudgin  says  the  proactive  approach  helps 
contain  the  West  Nile  risk.  “We’re  quite 
confident  that  the  work  we’re  doing  [in  the 
field]  is  helping  to  reduce  the  risk  to  the 
public,”  Hudgin  says.  -Nancy  Weil 


2  6  CIO  OCTOBER  1,  2003 


www.cio.com 


PHOTO  TOP  BY  GETTY  IMAGES/THE  IMAGE  BANK:  PHOTO  BOTTOM  BY  GEOFF  DU  FEU/GETTY  IMAGES/TAXI 


Dell  Handles  125,000 

Transactions  Per  Hour  With  Oracle 

DfeLL 


Dell  counts  on  Oracle  on  Linux  to  handle 
customer  orders  every  day. 

What  do  you  run? 


oracle.com/ success/ dell 
or  call  1.800.633.0759 


Copyright  ©  2003,  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 


trendlines 


By  the  Numbers 

J  By  Lorraine  Cosgrove  Ware 


It’s  Not  Just  What  You  Send, 

It’s  What  You  Store  That  Needs  Encryption 

Despite  evidence  that  stored  data  is  more 
vulnerable  than  data  in  transit,  companies  still 
focus  encryption  efforts  on  data  transmission. 


It’s  Time  to  Protect  Stored  Data 

A  recent  survey  conducted  by  CIO  and  PricewaterhouseCoopers  found  that  the  most 
common  result  of  security  breaches  in  the  past  12  months  was  the  compromise  or  loss 
of  stored  data,  just  ahead  of  applications  and  network  availability. 


Stored  data  unavailable,  compromised  or  lost 
E-mail  and  applications  unavailable 
Network  went  down 

Financial  losses 
Brand/reputation  compromised  | 
Intellectual  property  theft  j 
Legal  exposure  j 
Fraud  | 

Identity  theft  (client  or  employee  information  stolen)  j 

Loss  of  shareholder  value  § 
Extortion  | 


I  29% 
26% 
24% 


5% 
|  4% 

|  4% 
3% 
3% 
3% 


1% 

1% 


It’s  Also  Time  to  Make  Encryption  a  Priority 

Only  30  percent  of  IT  executives  said  their  companies  encrypt  stored  data, 
yet  it’s  attacked  most  frequently. 


We’ve  encrypted  stored  data 

We  secure  Web  transactions 
We  encrypt  data  in  transit 


30% 


53% 

I  54% 


SOURCE:  "State  of  IT  Security  2003,"  a  worldwide  study  conducted  by  CIO  and  PricewaterhouseCoopers— 7.596  respondents 


Best  Practices 

Don’t  lose  the  key.  If  you  store 
encrypted  data  and  lose  the  digital 
encryption  key,  you  cannot  read  that 
data.  Depending  on  the  form  or 
encryption  you  choose,  if  you  store 
data  in  an  encrypted  fashion  and 
lose  the  digital  encryption  key  or 
access  passwords,  you  have  no  way 
of  ever  reading  that  data  again. 

Make  sure  you  have  backup  proce¬ 
dures  and  access  permissions  as 
part  of  your  encryption  strategy, 
including  storing  encryption  keys 
and  passwords  in  escrow  with  a 
secure  third  party. 

Pick  and  choose.  Some  stored 
information  may  warrant  this 
additional  level  of  security,  such  as 
R&D  or  sensitive  customer  records, 
but  other  data  may  not.  Companies 
should  frequently  review  the 
classification  of  data  and  informa¬ 
tion  and  determine  which  assets 
require  encryption. 

Align  your  security  policy  with  your 
company's  business  objectives. 

This  will  help  you  determine  which 
data  is  critical  to  the  business- 
requiring  additional  layers  of 
security— and  which  is  not. 


2  8  CIO  OCTOBER  1,  2003 


www.cio.com 


reach 


AVAVA 

a  higher  plane 
of  communication 


AS  YOUR  COMMUNICATION  NETWORK  gets  more 
complicated  — dare  we  say,  converged?  —  you 
need  to  toughen  your  defense.  Meet  the  complete 
security  solution  from  Avaya.  Our  mantra:  the 
pucks  stop  here.  Count  on  Avaya  Security 
Solutions  to  protect  your  entire  network,  no  matter 

IP  Telephony 


where  you  are  on  the  path  to  IP  telephony.  We 
take  a  holistic  approach  to  security  with  the  multi¬ 
vendor  expertise  of  Avaya  Global  Services.  Our 
industry-certified  consultants  methodically  assess 
all  your  communication  devices,  policies  and 
vulnerabilities,  inside  and  out  (no  sneak  shots 


around  the  post).  In  the  state  of  Avaya,  our 
services,  systems,  applications  and  products 
assure  that  your  converged  network  is  secure  by 
design.  See  why  it’s  no  contest  when  Avaya 
security  is  minding  your  net  at  avaya.com/secure. 
Or  call  866-GO  AVAYA  today. 

Services 


Unified  Communication 


Contact  Centers 


' 


©  2003,  Avaya  Inc.  All  Rights  Reserved.  W 

Avaya,  the  Avaya  Logo,  and  all  trademarks  identified  by  ®  or  ™  are  trademarks  o)  Avaya  Inc.  and  may 
be  registered  in  certain  jurisdictions.  All  other  trademarks  are  the  properly  of  their  respective  owners. 


With  Avaya 


MINDING  YOUR  NET, 

your  voice,  data,  even  your  converged  network  can  be 

SAFE  AND  SECURE. 


•mm  ■ 

••••  >i  ! 


liiillHIliiH 


'I!!!!!!!!!!!!!!!!!!!!!!!!!!;;;;;;;;;; 

<iiiitiitiiimiiiitrniiinnninni 


KiitfMmifdM 

frrw»rt»lifrfO» 

rfrmri»f»rr#i»f 

um.n.MM.n. 

frrMmmrcr*» 


Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size  it  is. 

From  PowerEdge™  servers  featuring  Intel®  Xeorf  processors  to  network  support  products  like  PowerVaulf  Storage 
and  PowerConnecf  switches,  Dell  offers  flexible,  high-performance  industry-standard  technologies  and  software 
solutions  that  are  just  right  for  your  particular  business  needs.  And  we'll  help  you  every  step  along  the  way.  Whether 
it's  planning  and  design,  testing  and  validation,  systems  management,  or  our  award-winning  24  x  7  service  and  support, 
Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage.  So  make  life  easy  on  yourself 
and  get  a  big  advantage  over  your  competition  -  with  a  unique  IT  solution  from  Dell. 


Dell  Rated  #1  in  Intel-Based  Server  Satisfaction 

21  Out  of  22  Consecutive  Quarters 
Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

First  Quarter  2003 
-July  2003 


Call:  M-F  7a-8p  Sat  8a-5p,  CT 

Pric  ng.  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts.  U.S.  Dell  Small  Business  new  purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography 
or  photography.  ‘This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the 
approval  of  the  FCC  has  been  obtained.  'Service  may  be  provided  by  third  party.  Technician  will  be  dispatched  following  phone-based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing  dependent 
upon  time  of  day  call  placed  to  Dell.  U.S.  only.  "DDR  333  memory  runs  at  320MHz  when  used  with  800MHz  FSB  processors.  “Monthly  payment  based  on  pre-rebate  price  for  48-month  80  Days  Same-As-Cash-QuickLoan  with  46  payments  at  9.99%  interest  rate. 
Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days  after  product  ships),  interest  will  accrue  during  those 
first  60  days  and  a  documentation  fee  may  apply.  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Minimum  transaction  size  of  $500  required.  Maximum  aggregate  financed  amount  for  the  paperless  acceptance  not  to  exceed 


FILE  AND  PRINT  SERVERS 

From  entry-level  servers  to  robust  rack-mountable  solutions  that  fit  existing  infrastructures. 


NEW  PowerEdge™  400SC  Server 

Small  Business  Value  Server 

•  Intel®  Celeron®  Processor  at  2GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.20GHz 
with  800MHz  Front  Side  Bus” 

•  128MB  333MHz  ECC  DDR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel®  PRO  Gigabit50  NIC 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


NEW  PowerEdge™  650  Server 

Low-Cost,  General-Purpose  1U  Server 

•  Intel®  Pentium®  4  Processor  at  2.40GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.06GHz 

•  128MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  3GB  of  SDRAM 

•  20GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  146GB  of  Internal  Hard  Drive  Storage 

•  ATA  100  IDE  RAID  Controller  Available 

•  Intel®  PRO  Gigabit50  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


*399 


E-VALUE  Code:  18580-S20903g 


*1199 


as  low  as  $33/mo.,  (46  pmts.30) 

E-VALUE  Code:  18580-S20911g 


DATABASE  AND  WEB  HOSTING  SERVERS 
Application-specific  servers  that  can  meet  most  any  challenge. 


PowerEdge™  2600  Server 

High-Performance  Tower  Server 

•  Intel®  Xeon”  Processor  at  2.80GHz 

•  Dual  Intel®  Xeon”  Processor  Capable  (Up  to  3.06GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  6GB  of  SDRAM 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Active  ID  Bezel  for  Manageability 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  'ow  as  $43/mo.,  (46  pmts?0) 

§  JJJ  E-VALUE  Code:  18580-S20915g 


NEW  PowerEdge™  1750  Server 

1U  High-Performance  Rack  Server 

•  Intel®  Xeon”  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon”  Processor  Capable  (Up  to  3.06GHz) 

•  256MB  266MHz  ECC  DDR  SDRAM  (Up  to  8GB) 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Integrated  Dual-Channel  Ultra320  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

CIQQ  as  'ow  as  546/mo.,  (46  pmts.30) 

|  E-VALUE  Code:  18580-S20916g 


SERVICES 

Purchase 

•  Dell  offers  a  wide  range  of  reliable,  award-winning 
technology,  all  delivered  from  a  single  point  of 
contact  -  and  our  expert  sales  associates  are 
there  to  help  you  find  the  technology  that's  right  for 
your  business. 

Installation  -  Starting  at  $199 

•  Once  you've  selected  the  right  technology,  Dell  can 
help  you  get  it  up  and  running  quickly  and  cost- 
effectively  with  our  custom  on-site  installation  and 
configuration  services. 

Training  &  Certification  -  Starting  at  $100 

•  After  installation,  Dell  can  help  turn  your  employees 
or  IT  staff  into  experts  on  your  new  technology 
through  a  variety  of  training  and  certification  courses  - 
helping  increase  your  business'  long-term  productivity. 

Service  &  Support 

•  The  support  doesn't  end  at  the  sale.  Dell's  award¬ 
winning  service  and  support  offerings  help  ensure 
that  your  new  network  remains  up  and  running  - 
with  Web,  phone  or  on-site  service3  and  support. 


4-WAY  SERVERS 

Handle  intense  networking  needs  with  ease. 

PowerEdge™  6600/6650  Servers 

Quad  Processing  Power  in  Rack-Mountable  or 
Tower  Form  Factors 

•  Up  to  Four  Intel®  Xeon”  Processors  at  2GHz 

•  Up  to  32GB  DDR200  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives,  Hot-Swap  Redundant  Fans 
and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

Cjryiflfl  as  lowas$147/mo„  (46  pmts.30) 

starting  at  ^  j4j  J  E-VALUE  Code:  18580-S20954g 


NETWORK  SWITCHES 
Design  a  powerful  network  by  enhancing  it 
with  scalable,  high-performance  switches. 

PowerConnect™  2000/3000/5000  Switches 


PowerConnect”  2000  Series  -  Starting  at  s89 

•  Affordable,  Easy-to-lnstall  Unmanaged  Switches 

PowerConnect"  3000* *  Series  -  Starting  at  *549 

•  Stackable,  Enterprise-Class  Managed  Switches 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

PowerConnect"  5000*  Series  -  Starting  at  *1199 

•  High-Performance,  All-Gigabit  Managed  Switches 

•  Layer-3  Aware  Class  of  Service  Prioritization 


Next  Business  Day  Advanced  Exchange  Service52  Included 


STORAGE  OPTIONS 

Enhance  your  server  capabilities. 

Dell  PowerVault™  725N  NAS 


Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  1 ,70GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  2.60GHz 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1  Terabyte  of  Internal  Storage  Capacity 

•  Microsoft®  Windows®  Powered  Network  Attached  Storage 


*1799 


as  low  as  $49/mo„  (46  pmts?0) 

E-VALUE  Code:  18580-S20917n 


Dell  I  EMC 


If  you  have  more  than  300GB  of  storage,  visit  www.dell.com/storage4mybiz 
for  low  prices  on  Dell/EMC  storage  arrays. 


Solutions  that  fit.  Easy  as 


DOLL 


Clickwww.dell.com/bizsolutions  Call  1-800-678-1626 


$25,000.  If  your  order  exceeds  $25K,  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing.  QuickLoan  arranged 
by  CIT  Bank  to  Small  Business  customers  with  approved  credit.  “This  term  indicates  compliance  with  IEEE  standard  802.3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  1  GB/sec.  For  high-speed 
transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required.  “Technician,  replacement  part  or  unit  (depending  on  service  contract)  will  be  dispatched,  if  necessary,  following  phone-based 
troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing  dependent  upon 
time  of  day  call  placed  to  Dell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished.  U.S.  only.  Dell,  the  stylized  E  logo,  E-Value,  PowerEdge,  PowerConnect  and  PowerVault  are  trademarks  of  Dell  Inc.  Intel,  Intel  Inside, 
the  Intel  Inside  logo,  Intel  Xeon,  the  Intel  Xeon  logo ,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2003  Dell  Inc.  All  rights  reserved. 


GO 

Online  For 
Latest  Prices 
and  Weekly 
L  Promotions  ) 


VENDOR 


RELATIONSHIPS 


Vendor 

Consolidation, 

A  Look  Back 

MERGERS  AND  THEIR  CONSEQUENCES  have  again  been  very 
much  on  CIOs’  minds  with  PeopleSoft’s  recent  acquisition  of  J.D. 
Edwards  and  Oracle’s  threatened  takeover  of  PeopleSoft.  The 
familiar  refrain — what  will  become  of  the  end  users? 

It’s  a  scenario  with  ample  precedent.  Back  in  the  days  when 
John  Kennedy  lived  in  the  White  House,  eight  vendors  dominated 
the  U.S.  mainframe  market.  IBM’s  share  reached  as  high  as 
60  percent.  The  rest  was  divided  among  the  so-called  Seven 
Dwarfs:  Burroughs,  Control  Data,  GE,  Honeywell,  NCR,  RCA 
and  Univac.  A  few  years  later,  Honeywell  acquired  GE’s  computer 
division  and  Univac  swallowed  RCA’s  leaving  a  gaggle  of  IBM- 
wannabees  known  by  the  acronym  BUNCH.  As  consolidations 
winnowed  the  bunch,  each  stage  left  another  customer  group  bereft 
of  its  chosen  computer  architecture  and  struggling  to  adapt. 

The  lessons  from  data  centers  past  are  both  encouraging  and  dis¬ 
concerting.  Veterans  of  the  mainframe  market  shakeout  say  the 
vendors  did  try  to  support  their  customers’  migrations  to  new  sys¬ 
tems.  On  the  other  hand,  they  and  observers  warn  that  2003  is  not 
1963,  or  even  1983.  Today’s  technology  markets  are  more  com¬ 
petitive,  and  vendor-user  relations  are  not  as  genteel. 

The  bottom  line:  CIOs  should  expect  some  important  bumps  as 
mature  enterprise  software  markets  such  as  ERP  move  toward 
consolidation.  The  mainframe  veterans  certainly  saw  their  share. 


When  the  mainframe  market  con¬ 
solidated,  CIOs  of  the  1970s  and 
1980s  suffered  sleepless  nights. 
And  yet,  IT  veterans  say,  it  was  an 
easier  time  for  technology  migra¬ 
tions  compared  with  today’s  world. 


“There  were  lots  of  sleepless  nights,”  recalls  Paul  Strassmann,  a 
former  CIO  at  Xerox,  which  itself  briefly  entered  the  mainframe 
business.  Strassmann,  who  also  served  as  CIO  at  the  Defense 
Department,  says  he  was  hired  by  Xerox  in  about  1970  “to  get  rid 
of  our  IBM  mainframes  and  install  our  own  Xerox  mainframes.” 
He  did.  Xerox  ran  more  than  100  of  the  systems,  he  says,  but 
then  in  1974,  Xerox  sold  its  mainframe  business  to  Honeywell. 

Honeywell  worked  hard  for  several  years  trying  to  make  the 
marriage  work,  but  eventually  there  weren’t  enough  spare  circuit 


boards  for  the  Xerox  machines,  and  field  service  engineers  had  to 
develop  workarounds,  Strassmann  says.  “Our  maintenance  costs 
went  up  and  up,”  he  adds.  So,  Xerox  migrated  to  Honeywell  iron. 

Then,  in  the  1980s,  Strassmann’s  data  centers  took  another  blow 
when  Honeywell  sold  what  was  left  of  its  mainframe  operations  to 
a  “maintenance  only”  unit  of  Wang  Laboratories.  The  Wang  engi¬ 
neers  could  fix  things,  says  Strassmann,  but  if  you  wanted  major 
parts  or  additional  equipment,  you  had  to  search  the  used  market. 
“It  was  as  if  they  cut  off  both  arms  at  the  elbow,”  he  says. 

Despite  Strassmann’s  experiences,  though,  John  Phelps,  a  vice 
president  at  Gartner  and  himself  a  30-year  IBM  veteran,  says  most 
of  the  mainframe  transitions  of  years  past  were  heavily  supported 
by  the  surviving  vendor.  “Usually  the  vendors  developed  exten¬ 
sive  conversion  programs,”  he  says,  referring  to  both  software 
programs  and  support  teams.  “It  wasn’t  a  large  universe  of  cus¬ 
tomers,  so  vendors  didn’t  want  to  alienate  them,”  he  adds. 

George  Gray,  a  systems  programmer  for  the  Georgia  Depart¬ 
ment  of  Administrative  Services,  says  that  the  1986  Sperry/Univac 
takeover  of  Burroughs  “was  very  scary  at  the  time,  but  they  man¬ 
aged  to  keep  delivering  the  product,  especially  the  software.”  And 
today  Gray  still  runs  what  he  terms  the  great-grandchild  of  his 
1986  Burroughs  machine,  called  ClearPath  Plus  from  Unisys 
(formed  from  the  mergers  of  Sperry  and  Univac  and  Burroughs). 
Support  levels  did  deteriorate,  though — something  Gray  attributes 
to  industry  changes  rather  than  to  the  merger. 

Outsourcing  expert  Robert  E.  Zahler,  a  partner  at  Washington 
law  firm  ShawPittman,  says  the  mainframe  market  shakeout 
occurred  in  an  emerging  market. 

“The  Seven  Dwarfs  weren’t  stable  economically,”  Zahler  says, 
whereas  today’s  mergers  occur  in  a  mature  market.  Thus,  he  pre¬ 
dicts  that  J.D.  Edwards  will  disappear  within  PeopleSoft,  whose 
own  products  may  fade  if  it  is  taken  over.  “The  product  lines  will 
evolve,  and  the  outlying  functions  will  gradually  disappear,”  he 
says.  And  the  users  will  have  to  learn  to  like  it.  -Alan  R.  Earls 


3  2  CIO  OCTOBER  1,  2003 


www.cio.com 


ILLUSTRATION  BY  DAN  PICASSO 


Advertorial 


How  Content  Management 
Technologies  Can  Deliver 
Bottom-Line  Results 


LEGATOsolutions 


uL  *j 

kj  i_y 

access  availability  protection 


Reduce  Costs,  Improve  Productivity  and  Increase  Efficiency 
Through  Enterprise  Content  Management 


Content  management  technologies  have  moved  beyond  their  traditional  mission  to 
capture  and  organize  data  for  better  access  and  retrieval.  The  real  benefits  of  today's 
content  management  strategies  are  reduced  costs,  improved  productivity  and  collabo¬ 
rative  business  processes.  With  the  ever-present  mandate  to  improve  ROI  and  lower 
Total  Cost  of  Ownership  (TCO)  for  IT  investments,  content  management  is  a  win/win  for 
both  IT  and  your  organization. 

Consider  some  of  your  own  core  business  functions  such  as  accounting,  human 
resources,  and  customer  support  —  chances  are,  you  are  still  using  a  combination  of 
paper  documents,  email,  manual  searches,  and  other  time-intensive  processes.  These 
inefficiencies  result  in  overhead  expenses,  rework  and  mistakes  —  but  the  good  news 
is  that  today's  content  management  technologies  can  make  significant  operational 
improvements  and  provide  tangible,  bottom-line  results. 

Automated  Processes  Integral  to  Business  Management 

Large  or  small,  public  or  private,  anywhere  in  the  world...  virtually  all  organizations  are 
driven  on  some  level  by  the  day-to-day  processes  that  support  business  operations. 
Today's  employees  know  that  their  organization  depends  on  their  ability  to  collect, 
manage  and  deliver  the  right  information  to  the  right  person  at  the  right  time.  That's  why 
many  organizations  are  implementing  automated,  integrated  content  management 
solutions.  With  integrated  content  management,  you  can  achieve  gains  in  three  critical 
areas: 

■  Productivity  -  Any  business  function  can  become  more  efficient  when  the  data  it 
needs  to  perform  that  function  is  readily  accessible  and  usable.  For  example,  with 
integrated  content  management,  an  accounting  staff  can  better  track  payables  and 
speed  up  payment  to  vendors  -  ultimately  improving  the  company's  credit  rating  and 
lowering  the  overall  cost  of  credit. 

■  Efficiency  -  With  integrated  content  management,  your  employees  will  be  able  to 
seamlessly  access,  retrieve  and  process  electronic  data,  versus  spending  time  on 
manual  searches  or  other  time-consuming,  outdated  processes. 

■  Compliance  -  In  most  organizations,  certain  types  of  data  must  be  retained  for  many 
years  for  auditing  and  tax  purposes.  Conversion  of  paper  documents  to  electronic 
formats  significantly  reduces  the  amount  of  storage  space  required  for  documents  - 
therefore  reducing  or  eliminating  your  costs  for  off-site  archival  storage.  And,  you 
can  readily  access  the  documents  you  need  in  the  event  of  an  audit  or  other 
enforcement  action,  speeding  resolution. 

Selecting  a  Content  Management  Solution  for  Your  Accounting  Function 

To  understand  the  benefits  that  can  accrue  from  an  integrated  content  management 
solution,  consider  the  accounts  payables  (AP)  function  -  a  universal  business  operation. 


An  integrated  content 
management  solution  for 
accounting  should  include: 

■  Electronic  repository  of  all 
accounting  data,  with 
Web-based  access  to  that  data 

■  Workflow,  or  business 
process  capabilities  to 
streamline  operations 

■  Integation  with  other 
software  applications 

■  Secure,  accessible  storage 
of  electronic  data  for 
cost-effective  storage  and 
compliance  requirements 


An  integrated  content  management  solution  for  AP  should 
include  five  core  capabilities: 

■  An  electronic  repository  of  all  source  documents  -  Your 
organization  will  speed  up  processing,  minimize  manual 
searches  and  create  a  valuable  repository  of  data  by 
converting  paper  documents  into  an  electronic  format.  This 
can  be  done  via  scanning  technologies  that  should  be  part 
of  your  overall  content  management  solution.  Scanning  also 
minimizes  the  space  and  overhead  associated  with  files  and 
boxes  of  paper  documents. 

■  Browser-based  access  to  accounting  data  -  A  Web 

interface  to  your  electronic  data  means  your  staff  can 
process  documents  no  matter  where  the  data  or  the  staff 
person  resides.  As  a  result,  your  staff  can  be  productive, 
regardless  of  location,  time  zones  and  other  constraints 
associated  with  traditional  accounting  processes.  The  AP 
operations  can  be  done  with  keystrokes  and  mouse  clicks, 
not  manual  searches,  faxes,  and  multiple  hardcopies. 

■  Workflow,  or  business  process  automation  capabilities  - 

Automating  specific  processes  in  accordance  with  your 
organization's  business  rules  can  dramatically  improve 
efficiency.  Once  a  particular  step  in  a  process  is 
completed,  say  matching  an  invoice  to  the  purchase  order  in 
the  accounts  payables  process,  the  document(s)  are 
automatically  forwarded  to  the  appropriate  person  for  the 
next  stop  in  the  process. 

■  Integration  with  existing  accounting  applications  -  The 

content  management  solution  you  select  needs  to  feature 
open  architecture  and  software  development  kits  to  allow 
for  easy  integration  with  your  existing  applications.  This 
type  of  integration  can  enable  users  to  access  documents 
directly  from  within  the  accounting  application. 

■  Data  protection  -  Finally,  no  integrated  content  manage¬ 
ment  solution  would  be  complete  without  secure,  accessible 
storage  and  data  protection.  Look  for  a  data  storage  and 
management  component  that  is  flexible  enough  to  let  you 
choose  the  storage  media  that  is  best  for  your  organization 
-  including  optical,  WORM,  Tape,  DVD  and  CD,  as  well  as 
newer  disk-based  options. 

In  addition  to  the  above  capabilities,  be  sure  to  select  a  content 
management  solution  that  is  backed  by  a  company  with  the 
experience,  resources  and  support  that  you  need. 


The  benefits  of  applying  content  management 
technologies  to  your  organization  include: 

■  Reduced  costs 

■  Improved  productivity  through  fewer  manual  processes 

■  More  efficient  use  of  document  and  other  content  that 
drives  day-to-day  operations 


LEGATO's  ApplicationXtender®  Suite,  Used  to  Streamline 
Processes  in  Thousands  of  Organizations  Worldwide 

As  you  evaluate  integrated  content  management  solutions  for 
your  organization,  be  sure  to  consider  LEGATO  Systems,  Inc. 
LEGATO  Systems  is  a  global  provider  of  data  management 
solutions  that  drive  operational  efficiency  and  business  continu¬ 
ity.  Our  integrated,  automated  content  management  solutions 
have  been  implemented  in  thousands  of  organizations  around 
the  world  in  many  industries  -  including  finance,  healthcare, 
telecommunications,  manufacturing  and  education. 

ApplicationXtender®,  the  core  of  LEGATO's  content  manage¬ 
ment  solution,  takes  a  unified  approach  to  data  collection, 
generation,  management  and  delivery.  It  enables  access 
through  a  universal  interface  by  intelligently  indexing,  organiz¬ 
ing  and  storing  data  from  across  the  enterprise.  Other  key 
components  of  LEGATO's  content  suite  include  WebXtender®, 
ERMXtender®  and  WorkflowXtender®. 

The  newest  addition  to  the  ApplicationXtender  family  is 
WorkflowXtender®  for  AP.  Designed  to  be  largely  an  "off  the 
shelf"  application,  WorkflowXtender  for  AP  helps  maximize  the 
efficiency  and  productivity  of  the  accounting  process.  It's  easy 
to  install  and  configure  and  provides  a  complete  solution  that 
captures  invoices  and  manages  the  review  and  approval  activi¬ 
ties  through  to  payment.  LEGATO  also  offers  customized 
workflow  solutions  for  accounts  payables. 

All  Xtender  products  are  built  on  a  solid  foundation  that 
includes  comprehensive  data  storage  management  through 
LEGATO's  award-winning  DiskXtender®  product,  which  provides 
virtually  infinite  storage  capacity  for  content.  In  addition, 
DiskXtender  allows  organizations  to  choose  the  storage  media 
that  best  meets  their  access,  retention  and  cost  requirements, 
including  NAS,  Optical,  WORM,  Tape,  DVD  and  CD,  as  well  as 
the  latest  ATA  disk-based  devices. 

The  ApplicationXtender  suite  provides  comprehensive  capture 
capabilities  for  your  enterprise  data,  including  imaging, 
electronic  file  support,  faxes  and  computer  output  reports  for 
both  traditional  COLD  (text-based  reports)  as  well  as  advanced 
printstreams  (AFP,  Metacode,  PCL  and  PDF).  The  suite  will  also 
capture  index  information  from  the  various  formats,  and  store 
the  indexes  in  a  centrally  available  repository  -  which  also 
creates  a  virtual  repository  for  all  content. 

ApplicationXtender  supports  a  comprehensive  content  manage¬ 
ment  strategy,  and  can  help  your  organization  achieve  signifi¬ 
cant  cost  savings  and  productivity  gains  for  an  outstanding  ROI. 

For  more  information  about  ApplicationXtender 
for  Accounting  and  LEGATO  Systems, 
visit  www.legato.com/solutions/accounting 
or  call  888-853-4286. 


U  LEGATO 

Keeping  the  World's  Business-Critical  Information  Available 


LEGATO  Systems,  Inc. 

2350  West  El  Camino  Real,  Mountain  View,  CA  94040  USA 

Tel  (650)  210.7000  •  (888)  853.4286  I  Fax  (650)  210.7032  I  www.legato.com 

For  a  complete  listing  of  LEGATO  Systems  offices  worldwide,  please  visit  http://www.legato.com/offices/ 


LEGATO  and  the  LEGATO  logo  are  registered  trademarks,  and  LEGATO  NetWorker,  NetWorker,  LM:,  Celestra,  GEMS,  SmartMedia,  Co-StandbyServer,  RepliStor,  SnapShotServer,  QuikStartz,  SAN  Academy,  AlphaStor,  ClientPak,  Xtender, 
XtenderSolutlons,  DiskXtender,  ApplicationXtender,  ArchiveXtender,  and  EmaiIXtender  are  trademarks  or  registered  trademarks  of  LEGATO  Systems,  Inc.  This  is  a  non-exhaustive  list  of  LEGATO  trademarks,  and  other  trademarks  may  be  the 
property  of  their  respective  owners. 


Information  regarding  products,  services  and  offerings  may  be  superseded  by  subsequent  documents.  For  the  latest  information  and  specifications  regarding  LEGATO  Systems,  Inc.  and  any  of  its  offerings  or  services,  please  contact  your  local 
sales  office  or  the  Corporate  Headquarters.  ©2003  LEGATO  Systems,  Inc.  Printed  in  the  U.S.A. 


^uVom  Publishing 
Advertising  Supplement 


4>Ofet)TI 


DATE  AND 
TE  p.12  ^ 


ING  BUSINESS 


ajy 

Jil 

TfTMjTTHTj 

Gll££ 

lPiTj!liS 

[jam 

ffil 

iv4AKi 

|f 


©  2003  Storage  Technology  Corporation,  Louisville,  CO.  All  rights  reserved 
and  Save  the  Day  are  either  trademarks  or  registered  trademarks  of  Stora 


I  can't  pull  all-nighters  every  night. 


Thing  is,  our  backup  and  recovery  system  has  to. 


It  can't  rest. 


Not  even  for  a  second. 


EchoView™ 


Make  sure  your  data's  always  safe  and  you'll  save  yourself  a  lot  of  worry.  And  work.  One  way  is  with  EchoView™.  A  potent,  new  data- 
protection  appliance  that  continually  captures  and  journals  data  as  soon  as  it's  written,  for  nonstop  protection.  And  EchoView™  provides 
rapid  recovery  to  any  point  in  time,  to  keep  business  humming.  So  while  your  systems  may  be  disrupted,  your  nights  won't  be. 
Learn  all  the  ways  we  can  help  you  at  www.savetheday.com.  ^3  StorageTek*  Save  the  Day.™ 


I 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS  I  AGENDA 


STORAGE  SOLUTIONS: 

SAVE  THIS  EDITION 


While  on  the  topic  of  stor¬ 
age,  let  me  give  you  a 
piece  of  sound  advice: 
hold  onto  this  particular 
Strategic  Directions  edi¬ 
tion.  Get  extra  copies  if 
you  have  to,  and  lock 
some  away  in  a  safe 
place  for  later  retrieval 
and  reference.  Whatever  you  do,  don’t 
let  this  issue  tall  into  the  desktop  pile  of 
to-be-reads  that  never  gets  read. 

Because  of  all  the  key  topics  we 
could  be  exploring  (and,  hey,  in  the 
Strategic  Directions  series,  they’re  all 
key  topics),  none  is  any  more  front- 
and-center  and  of-the-moment  than 
data  storage  and  management. 

Excuse  me.  Make  that  “Data  and 


BY  TOM  FIELD 

Storage  Solutions”  because,  really, 
that’s  what  we’re  here  to  discuss:  new 
ways  to  tackle  the  ever-growing  prob¬ 
lem  of  storing  and  securing  all  this  vital 
data  we  collect. 

At  a  time  when  CIO  Magazine’s 
annual  “State  of  the  CIO”  survey 
reveals  integration,  cost-reduction, 
alignment  and  security  as  the  top  four 
priorities  challenging  IT  leaders,  stor¬ 
age  cuts  to  the  heart  of  each  of  them. 
In  this  age  of  electronic  commerce, 
data  is  the  coin  of  the  realm.  Integrat¬ 
ing  and  securing  this  data  in  the  most 
cost-efficient,  business-driven  manner 
possible — that’s  the  task  entrusted  to 
IT  leaders.  And  it’s  the  mission  of  this 


critical  Strategic  Directions  edition  to 
offer  new  strategies  and  solutions  on 
such  core  topics  as: 

■  Taking  stock  of  information  assets; 

■  Maximizing  data  investment; 

■  Dealing  with  unstructured  data; 

■  Storage  management  technologies 
and  techniques; 

■  The  ROI  of  data  management. 

By  no  means  is  this  Strategic  Direc¬ 
tions  edition  the  last  word  on  storage 
management,  but  I’d  like  to  think  it 
furthers  the  conversation  gready. 

About  Strategic  Directions:  As 
you  know,  Strategic  Directions  is  the 
ongoing  series  of  CIO  Magazine  sup¬ 
plements,  produced  by  CIO’s  Cus¬ 
tom  Publishing  group,  focusing  on 
the  key  business-critical  technologies 
and  solutions  of  the  day.  Through 
research,  analysis,  case  studies  and 
vendor  profiles,  Strategic  Directions 
provides  an  executive-level  primer  to 
the  hot  topics  on  the  minds  of  senior 
IT  and  business  leaders. 

Please  let  us  know  what  you 
think — about  Strategic  Directions  in 
general,  this  edition  in  particular,  and 
ideas  you’d  like  us  to  tackle  in  future 
editions.  Got  any  storage  manage¬ 
ment  best-practices  you’d  like  to 
share  with  other  IT/business  leaders? 
Send  them  to  me;  I’ll  pass  them 
along  in  our  next  issue. 

Thanks  for  reading  Strategic 
Directions.  And  thanks  in  advance  for 
writing  in  with  your  feedback. 

Tom  Field 

Director  of  Content  Development 

CXO  Media  Custom  Publishing 

Tfield@cxo.com 


READER  FORUM 

To  the  Editor: 

This  issue  on  Security  takes  home  the 
trophy.  In  fact,  you  could  do  all  four 
issues  this  year  on  the  changing  face  of 
security  in  technology  —the  corporate 
environment  includes  all  forms  of  tech 
innovation  from  PDA  and  tablet  PC  to 
cell  phone  hybrid  with  internet  access. 
I’m  particularly  interested  in  the  vul¬ 
nerabilities  of  satellite  connections  and 
extended  range  wi-fi  (from  7  miles  to  30 
miles). 

It’s  a  winner.  Congrats.  I’m  using  it 
rather  than  just  reading  it  with  interest 
as  with  most  other  CIO  issues. 

Dick  Bouslough 
IS  Dir 

Forest  Home  Inc. 


To  the  Editor: 

Just  catching  up  on  my  reading  and 
caught  your  article  on  Outsourcing  in 
the  Strategic  Directions  series  in  the 
June  15  CIO  magazine.  The  tips  in  the 
article  are  right  in  line  with  my  thinking 
and  our  experience  managing  a  SI  bil¬ 
lion  outsourcing  deal  with  Unisys  Corp. 
as  our  partner.  Particularly  liked  the 
line  about  outsourcing  being  an 
engagement  -  “...for  it  to  succeed  then 
parties  on  both  sides  of  the  deal  have  to 
remain  fully  engaged”. 

Keep  up  the  good  work! 

Pat  Schambach 

Assistant  Administrator  and  CIO 
Transportation  Security  Administration 
U.S.  Department  of  Homeland  Security 


' 


STRATEGIC  DIRECTIONS  3 


CIO  ADVERTISING  SUPPLEMENT 


PATH  AMD  STORAGE  SOLUTIONS  | INFORMATION 

INFORMATION: 

GETTING  ALL  YOU  CAN  FROM 
YOUR  MOST  IMPORTANT  ASSET 


xtracting  more  value  from 
existing  resources,  in  partic¬ 
ular  data  and  storage  assets, 
is  a  top-of-mind  challenge 
for  CIOs,”  says  Guido  Sac- 
chi,  chief  information  officer 
of  credit  card  provider 
CompuCredit. 

To  make  it  happen,  you 
have  to  pull  more  value 
from  your  existing  IT  infrastructure  and 
stretch  legacy  technologies  and  applica¬ 
tions  to  fit  new  demands. 

“The  first  step  for  IT  departments 


should  be  to  devise  a  clear  strategy  for 
informational  assets,  focused  on  archi¬ 
tecture,”  Sacchi  says.  “Architectural 
design  is  the  key  to  unlocking  value, 
and  it  helps  the  organization  define 
where  true  business  value  resides  and 
what  can  be  considered  a  ‘■utility’.” 


What  will  it  take?  Here’s  the  short  list: 
■  OWN  YOUR  STRATEGY  AND  YOUR 
ARCHITECTURE.  It’s  critical  for  CIOs  to 
demonstrate  leadership  so  that  precious 
budget  dollars  are  not  spent  in  unneces¬ 
sary  investments,  says  Sacchi.  “Engage 
vendors  in  implementing  an  effective 
architectural  design  driven  by  the  com¬ 
pany’s  business  model  and  demand  for 
informational  assets.  CIOs  should 
implement  what  they  have  designed 
and  be  the  owners  of  critical  business 
knowledge,  as  opposed  to  abdicating 
this  responsibility  to  vendors.” 


■  APPLY  ASSET  MANAGEMENT  PRINCIPLES. 

“It’s  striking  that  many  people  talk 
about  data  as  an  asset  yet  forget  to 
apply  fundamental  asset  management 
principles,”  says  Sacchi.  For  example, 
one  of  the  main  tasks  for  IT  depart¬ 
ments  should  be  to  understand  the 


criticality  of  informational  assets.  This 
approach  has  inspired  a  deep  under¬ 
standing  of  data  criticality  at  Compu¬ 
Credit  and  has  led  to  more  than 
$500,000  worth  of  freed-up  capacity 
in  just  the  first  six  months  of  the  new 
strategy’s  execution.  As  a  result,  Com¬ 
puCredit  completed  an  acquisition 
without  additional  capital  investments 
in  storage  resources. 

■  KEEP  IN  MIND  DATA,  STORAGE  AND  BUSI¬ 
NESS  CONTINUITY  POLICIES.  “Every 
organization  should  have  at  least  min¬ 
imal  policies  relating  to  retention  and 
expiration  of  files  on  online,  near-line 
and  offline  storage  systems,”  explains 
Hernan  Alvarez,  vice  president  of 
infrastructure  at  the  mobile-media 
company  Mobliss,  Inc.  “Nearly  every 
element  should  be  included.”  Impor¬ 
tant  ones  include  data  lifecycle  and 
recovery  priority.  The  data  manage¬ 
ment  plan  needs  to  be  tightly  inte¬ 
grated  with  any  disaster  recovery  plan. 
As  the  business  grows,  the  data  man¬ 
agement  plan  will  change,  and  disas¬ 
ter  recovery  needs  to  follow.  If  the 
two  are  out  of  sync,  mean  time  to 
recovery  will  be  greater  than  the  busi¬ 
ness  can  withstand  without  unaccept¬ 
able  cost,  and  data  loss  may  occur. 


“EXTRACTING  MORE  VALUE _ 

FROM  EXISTING  RESOURCES,  IN 
PARTICULAR  DATA  AND  STORAGE 

ASSETS.  IS  A  TOP-OF-MIND _ 

CHALLENGE  FOR  CIOs.” _ 

—  GUIDO  SACCHI,  CIO,  COMPUCREDIT 


4  STRATEGIC  DIRECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS  INFORMATION 


££ 


THE  AMOUNT  OF  UNSTRUCTURED 


DATA  IN  ORGANIZATIONS  IS  NOW  SIG¬ 
NIFICANTLY  LARGER  THAN  THE _ 


AMOUNT  OF  STRUCTURED  DATA.” 


—BILL  RUH,  SR.  VP,  PROFESSIONAL  SERVICES,  SOFTWARE  AG 


■  CONSOLIDATE  INFORMATION  RESOURCES. 

Decision  makers  can’t  get  an  enterprise¬ 
wide  view  of  the  business  if  vital  infor¬ 
mation  is  scattered  and  difficult  to 
obtain.  Sometimes  consolidation  means 
integrating  physical  resources — data, 
applications— and  revamping  business 
processes.  Sometimes  it  means  re-archi¬ 
tecting  infrastructure.  Sometimes  it 
means  virtualization.  For  many  organi¬ 
zations,  consolidation  means  upping 
the  ante  when  it  comes  to  managing 
data,  which  must  be  synchronized, 
transformed  and  integrated  from  mul¬ 
tiple  systems.  Such  integrated  data  may 
reside  in  a  virtual  database,  a  very  large 
centralized  database  or  a  distributed, 
networked  system  based  on  Web  serv¬ 
ices  standards  like  XML  (extensible 
markup  language). 

■  INVEST  IN  STRUCTURED  AND  UNSTRUC¬ 
TURED  DATA  MANAGEMENT.  Data  man¬ 
agement  investments  can  boost  produc¬ 
tivity,  make  customer- satisfaction  work 
more  valuable  and  efficient,  and  insti¬ 
tute  a  single,  topside  view  of  the  busi¬ 
ness.  The  challenge:  keeping  databases 
manageable  as  they  grow  to  petabyte - 
plus  sizes  while  responding  to  a  push  for 
zero-latency  business  processes  as  well. 
It  can  be  accomplished  with  increasing¬ 
ly  sophisticated  database  design  and 
management  tools,  as  well  as  ubiquitous 
standards  and  faster  interconnections 
that  can  move  data  quickly  among  a 
multitude  of  legacy  systems.  Getting  the 
most  out  of  all  corporate  resources  also 
means  finding  more  fruitful  ways  to 
exploit  the  knowledge  contained  in  the 
vast  amounts  of  unstructured  data  (doc¬ 
uments,  for  example)  that  every  organ¬ 
ization  produces.  IT  has  to  boost  end 
users’  ability  to  access  that  data — 
through  portals,  which  serve  as  a  stan¬ 
dard  interface  that  may  be  centrally 
managed,  and  new  kinds  of  search  capa¬ 
bilities.  Of  course,  all  this  data  must  be 
stored  efficiently  and  safely  even  as  data 


volumes  continue  to  explode.  Storage 
networking,  consolidation  and  resource 
management  solutions  that  exploit  open 
standards  to  ease  administrative  costs 
and  infrastructure  complexity  are 
among  the  answers  many  organizations 
are  exploring. 

■  DON’T  FORGET  ABOUT  SECURITY. 

“Often,  a  database  is  secured  very  well, 
but  an  extract  or  backup  copy  has  very 
little  security,”  notes  Bob  Venable, 
manager  of  enterprise  systems  at  Blue 
Cross  and  Blue  Shield  of  Tennessee. 
“We  need  to  keep  up,  so  we  need  secu¬ 
rity  that  follows  data  and  ways  to  iden¬ 
tify  what’s  inside  a  file.” 

■  MAKE  IT  A  UTILITY.  The  ability  to  fine- 
tune  IT  resources  in  immediate  response 
to  changing  business  conditions  can 
lower  costs  and  save  time.  The  idea  is  to 
model  the  corporate  IT  function  after  a 
utility:  services  are  delivered  transparent¬ 
ly,  without  interruption,  so  end  users  can 
focus  on  the  business  task  at  hand  rather 
than  the  twists  and  turns  of  technology. 
Utility  computing  empowers  IT  depart¬ 
ments  to  offer  usage-based  chargebacks. 
Different  user  needs  are  met  with  vary¬ 
ing  levels  of  service  and  availability  that 
can  be  formalized  with  service-level 
agreements.  The  resulting  accountabili¬ 
ty  means  that  IT  can  more  efficiently 
allocate  assets  and  control  costs,  track 
changing  user  needs  with  greater  preci¬ 
sion,  and  fashion  and  exploit  a  more  flex¬ 
ible  infrastructure  with  better-planned 
hardware  and  software  deployments.  It 


can  also  align  itself  more  closely  with  the 
goals  of  individual  business  units  and  the 
company  overall. 

■  REDUCE  THE  COSTS  OF  TECHNOLOGY 
OWNERSHIP.  As  more  information  tech¬ 
nologies  become  commoditized,  it’s 
critical  to  distinguish  between  IT  activ¬ 
ities  that  are  a  necessary  cost  of  doing 
business  and  those  that  can  induce 
strategic  leverage.  “Remember  to  count 
in  problem  diagnosis  and  resolution,” 
says  Venable.  “Finding  a  problem  can 
take  a  lot  of  time  and  will  be  put  off  by 
busy  people,  resulting  in  downtime 
that’s  possibly  longer  and  more  costly 
than  paying  to  avoid  the  problem  on 
the  front  end.”  Ways  to  trim  the  costs 
of  nonstrategic  technologies  include: 

•  Componentization.  Breaking  up 
enterprise  application  suites  into 
smaller,  more  easily  digestible  pieces 
that  are  implemented  gradually  in 
stages  can  generate  a  more  granular 
return  on  investment  (ROI). 

•  Standardization.  Open  standards  in 
data  management  and  storage  net¬ 
working  can  ease  the  struggle  to  inte¬ 
grate  data  and  applications,  and 
transport  data  between  incompatible 
platforms. 

•  Outsourcing.  Non-core  business 
functions,  such  as  payroll  or  purchas¬ 
ing  non-production  goods,  can  be 
handed  off  to  specialists  who  do  it  for 
less  than  you  can. 

•  Bundling  services.  Negotiating  serv¬ 
ice  contracts  as  part  of  other  purchas¬ 
es  can  save  you,  well,  a  bundle.  SD 


STRATEGIC  DIRECTIONS  5 


CIO  ADVERTISING  SUPPLEMENT 


DATA  IMP  ST OR  AGE  SOLOTIONS |  DATA  MANAGEMENT 

DATA  MANAGEMENT 

IN  A  ZERO-LATENCY  WORLD 


The  value  of  the  topside  per¬ 
spective — the  famous  360- 
degree  view  of  the  customer, 
the  enterprise-wide  view  of 
the  business — is  undisputed. 
But  generally,  a  topside  view 
requires  lots  of  data  from 
many  sources,  and  putting  it 
all  together  is  hindered  by  a  lack  of  stan¬ 
dards  and  databases  designed  for  single¬ 
shot  operational  functions.  Meanwhile, 
mixed-workload  environments  that  com¬ 
bine  operational  as  well  as  analytic  and 
decision-support  functions  strain  legacy 
systems  that  few  can  afford  to  abandon. 

Thus,  two  issues  rise  to  the  fore  in 
data  management:  integration  and 
scalability. 

Integration  is  the  merging,  cleans¬ 
ing  and  standardization  of  data  and/or 
the  integration  of  data  silos.  This  is 
part  of  a  larger  movement  toward 
enterprise  integration  that  will  be 
implemented  with  several  kinds  of 
solutions.  According  to  the  research 
firm  Gartner,  enterprise  integration 
now  consumes  about  35  percent  of 
total  IT  spending,  as  solutions  move 
toward  what  Gartner  calls  the  “service- 
oriented  architecture” — IT  infrastruc¬ 
ture  functionality  exposed  as  services 
accessed  through  well-documented 
interfaces,  and  business  data  and  logic 
shared  among  multiple  applications, 
enabling  reuse  of  services  and  relieving 
developers  of  the  need  to  handle  back¬ 
end  implementation  minutiae. 

Scalability  means  ensuring  that  hard¬ 
ware,  software  and  networks  can  reliably 
and  efficiently  deal  with  increasing 


amounts  of  data  and  quickly  evolving 
business  demands.  Developments  in  hard¬ 
ware  are  making  it  easier  to  scale  databas¬ 
es  to  the  burgeoning  needs  of  end  users. 
Commodity  systems  arrayed  in  a  rack  of 
“blades”  can  be  amassed  by  the  tens,  or 
by  the  thousands,  rivaling  the  power  of 
symmetric  multiprocessors  but  at  less  cost. 
And  networked  storage — notably  storage 
area  networks,  with  or  without  links  to 
network  attached  storage — makes  possi¬ 
ble  the  centralized  management  of  stored 
data  independent  of  the  systems  and 
applications  that  access  them. 

“Most  database  environments 
will  grow  way  in  excess  of  what  any¬ 
one  thought  they  would  at  the  time 
of  original  design  and  purchase,”  says 
Bob  Venable,  manager  of  enterprise 
systems  at  Blue  Cross  and  Blue  Shield 
of  Tennessee.  “When  it  comes  to  seal- 
ability,  think  in  terms  of  total  edge- 
to-edge  performance,  from  the  enter 
key  on  end-user  PCs  to  Ethernet 
communications  lines  to  servers  to 
disk.  Remember,  it’s  about  true  end- 
to-end  performance.” 

irs  ABOUT  THE  BUSINESS 

Driving  data  integration  is  a  mounting 
need  to  deliver  unto  decision  makers  the 
best  possible  information  to  do  their  jobs. 

“No  data  is  standalone  anymore,” 
Venable  says.  “Almost  everyone  has  over¬ 
lapping  business  processes  that  share  data. 
Avoiding  data  duplication  and  accidental 
old  data  copy  utilization  is  important.” 

This  means  bringing  together  data 
from  multiple,  often  incompatible  appli¬ 
cations,  legacy  systems,  enterprise  resource 


planning  (ERP)  systems,  flat  files  and 
more.  Gartner  estimates  that  migrating 
legacy  data  sources  can  eat  up  more  than 
20  times  the  effort  and  resources  required 
to  deploy  an  ERP  application. 

Data  integration  can  be  about 
some  or  all  of  these: 

■  Extract,  transform  and  load  (ETL) 
functions  that  pull  information  from 
databases 

■  Enterprise  application  integration 
(EAI)  tools  that  allow  applications  to 
interact  and  pool  data  across  platform 
environments 

■  Web  services  that  permit  one  app  to 
extract  and  manipulate  data  from 
another. 

DOING  THE  DIRTY  WORK 

Key  to  data  integration  is  clean,  usable 
data.  The  Data  Warehousing  Institute 
estimates  that  poor  data  quality  costs 
U.S.  businesses  more  than  $600  bil¬ 
lion  a  year  in  printing,  postage  and 
staff  overhead,  among  other  expenses. 
Analysts  at  Gartner  expect  that  over 
the  next  three  years,  at  least  50  per¬ 
cent  of  data  warehouse  projects  will 
fail  to  achieve  their  desired  results  due 
to  data  quality  problems. 

Data  cleansing  tools,  which  integrate 
with  ERP,  CRM  and  other  business  intel¬ 
ligence  solutions,  clean  up  mailing  lists  or 
customer  databases  by  searching  for  and 
correcting  duplicate  or  incorrect  address¬ 
es,  for  instance,  or  checking  for  mis¬ 
spellings  or  spelling  variations.  They  can 
identify  miscategorized  data  and  apply 
customizable  rules  to  ensure  that  the  data 
entered  is  appropriate. 


6STRATE6IC  DIRECTIONS 


Bob  was 
drowning  in 
email  compliance 


issues. 


Now  he’s 
breathing 
easier. 


Thanks  to  LEGATO,  he  can  do  his  real  job. 

You  need  an  efficient  way  to  manage  risk.  LEGATO’s  EmaiIXtender®  suite 
simplifies  email  compliance.  It  captures,  organizes,  archives  and  provides 
immediate  access  to  email  and  instant  messages.  So  you  can  keep  your 
head  above  water  when  it  comes  to  compliance  issues.  Problem  Solved. 

For  more  information,  visitwww.legato.com  or  call  1-888-853-4286. 


U  LEGATO 


LEGATO,  the  LEGATO  logo  and  EmaiIXtender  are  registered  trademarks  of  LEGATO  Systems,  Inc. 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS  I  DATA  MANAGEMENT 


ETL  TODAY 

From  their  beginnings  extracting  rela¬ 
tional  data,  transforming  it  into  a  standard 
format  and  loading  it  into  a  data  ware¬ 
house,  ETL  tools  have  evolved  into 
instruments  of  data  integration,  pulling 
data  from  operational  systems  and  all 
manner  of  applications.  To  combat  such 
challenges  as  overwhelming  data  volumes, 
poor  data  quality,  incompatible  metadata 
management  schemes  and  slow  data 
transformation  rates,  vendors  like  Ascen- 
tial  offer  integration  suites  that  take  on  not 
just  ETL  chores  but  also  data  profiling, 
metadata  management  and  data  quality. 

ETL  products  can  also  help  organ¬ 
izations  do  data  integration  on  the  fly, 
supporting  multiple  data  formats  along 
the  way.  Uniboard,  a  Canadian  manu¬ 
facturer,  expects  to  save  $200,000  over 
the  next  two  years  using  XML  Global 


Technologies’  GoXML  Transform, 
which  maps  between  complex  formats 
such  as  EDI,  X12,  HIPAA,  SWIFT  and 
XML  without  custom  coding. 

UNTANGLING  APPLICATION  SPAGHETTI: 
ENTERPRISE  APPLICATION  INTEGRATION 

Too  often,  changing  business  conditions 
force  organizations  to  enhance  their  IT 
infrastructures  by  means  of  standalone 
applications  that  were  not  designed  to 
be  integrated  with  any  other  systems.  In 
order  to  share  information  throughout 
the  enterprise,  they  typically  turn  to  cus¬ 
tomized  interfaces  that  allow  for  point- 
to-point  integration — and  in  the  process 
end  up  with  application  spaghetti,  a  tan¬ 
gle  of  interfaces. 

To  untangle  the  mess,  enterprise 
application  integration  (EAI)  systems  use 
generic  mechanisms  and  well-defined 


interfaces  to  connect  existing  applications 
and  leverage  multiple  systems,  generating  a 
consolidated  view  of  data.  Because  they’re 
strategic  initiatives,  EAI  typically  involves 
designing  an  enterprise-wide  framework 
that  incorporates  process  definitions  and 
business  process  reengineering  and  that 
embraces  existing  and  future  systems. 

northAmerican  Logistics  (nAL), 
for  example,  claims  it  saved  more  than 
$1.5  million  over  four  years  using  Soft¬ 
ware  AG’s  integration  server,  EntireX, 
to  build  a  fully  automated  supply  chain 
that  processes  all  data  exchanged  with 
customers  and  partners  via  XML. 
Order-processing  costs  and  expenses 
for  the  maintenance  and  development 
of  its  IT  architecture  were  reduced  as 
well.  In  fact,  nAL  estimates  that  for 
everv  SI  invested  in  EntireX,  it 
achieved  a  net  benefit  of  $5.49. 


CASE  STDDT 


COMPUCREDIT’S  ENTERPRISE  DATA  ARCHITECTURE  SOLVES  APPLICATION  INTEGRATION  AND 
INTEROPERABILITY,  DRIVES  SUCCESS 


highly-successful  direct  marketer  of  branded  credit 
cards  and  fee-based  products,  CompuCredit’s  competi¬ 
tive  advantage  is  based  on  the  sophistication  of  its  ana¬ 
lytical  techniques,  risk  and  decisioning  models— espe¬ 
cially  the  acquisition  and  servicing  of  credit  card  receiv¬ 
ables  portfolios. 

Not  surprisingly,  the  delivery  of  quality  informa¬ 
tion — on-demand— is  critical  to  the  success  of 
CompuCredit’s  1,500  employees.  So  when 
CompuCredit’s  forward-thinking  CIO,  Guido  Sacchi,  realized  soon  after  join¬ 
ing  the  firm  that  CompuCredit’s  underlying  IT  infrastructure — particularly 
its  data  architecture— was  in  need  of  a  serious  overhaul,  he  took  up  the 
challenge  and  began  the  process  of  building  an  enterprise  data  architec¬ 
ture  that  would  enable  and  sustain  the  firm’s  successful  business  model. 

XML  GATEWAY:  KEY  TO  SMOOTH  FLOWING  DATA 

After  evaluating  a  number  of  design  alternatives,  says  Sacchi,  CompuCredit 
decided  open  standards,  an  XML  architecture  and  an  investment  in  web 
services  would  be  the  best  way  to  achieve  its  goal  of  a  truly  supportive 
enterprise  data  architecture  that  solves  the  problem  of  enterprise  appli¬ 
cation  integration  and  interoperability.  CompuCredit  next  choose  Software 
AG  as  its  technology  partner  for  the  project. 

“We  shopped  around,  but  only  Software  AG  could  pull  together  these 
three  critical  elements:  open  standards,  an  XML  architecture  and  web 


services,”  he  says.  “Software  AG  had  the  mature  tool  sets,  experience  and 
vision  we  needed— and  their  ability  to  transfer  knowledge  has  helped  us  to 
enhance  our  own  in-house  capabilities.” 

With  Software  AG’s  help,  CompuCredit  has  designed  for  itself  an  enter¬ 
prise  data  architecture  capable  of  delivering  the  complex  services  needed 

to  meet  the  challenges  of  its  dynamic  business 
environment.  At  the  core  of  the  flexible  and  scal¬ 
able  new  architecture  is  an  XML  Gateway.  A 
doorway  through  which  IT  provides  web  services 
on-demand  to  users’  desktops,  the  XML  Gateway  transparently  provides 
access  to  CompuCredit’s  disparate  data  sources  and  applications. 

ROLLING  OUT  BOTTOM  LINE  RESULTS 

As  the  time  nears  for  the  rollout  of  the  entire  new  enterprise  data  archi¬ 
tecture  into  production,  the  excitement,  says  Sacchi,  is  building. 

“IT  is  the  foundation  that  sustains  the  growth  strategy  of  the  company,” 
he  says,  “  buying  us  the  right  to  play  at  the  deal  table  with  an  advantage 
over  our  competitors.  And  it  allows  us  to  acquire  and  manage  portfolios 
more  effectively — if  I  can  deliver  a  one  percent  increase  for  our  collec¬ 
tions,  I’ll  add  $1  million  on  the  bottom  line.  That’s  big,”  adds  Sacchi. 

Agreed. 


For  more  information  contact  Gerda  Yearwood  of  Software  AG, 
Inc.  at  703-391-8295  or  gerda.yearwood@softwareagusa.com 


jj  SOft UJ FIRE  RG 

THE  XML  COMPANY 


8 STRATEGIC  DIRECTIONS 


Guido  Sacchi ,  CIO 
CompuCredit 


If  I  deliver  a  1%  mere 
in  collections  I  add 
$1  million  to  my  company's 
bottom  line. 


[ 


Mobile  Computing 


Web  Services 


Content  Management 


Enterprise  Transaction  Systems 


CompuCredit's  robust  growth  strategy  requires  on-demand  delivery  of  quality 
information  to  more  efficiently  acquire  and  manage  credit  card  portfolios. 

That's  why  CIO  Guido  Sacchi  took  on  the  challenge  to  reduce  the  time  to 
service  new  portfolios  from  months  to  weeks  with  the  XML  Business  Gateway. 

Imagine  delivering  to  the  business  user's  desktop  a  single  view  of  information 
from  disparate  data  sources,  risk  models  and  collections  applications - 
right  when  they  need  it. 

Imagine  transforming  data  locked  into  complex  systems  into  real  intelligence 
that  propels  the  business  forward. 


Discover  the  XML  Effect. 

To  learn  more  about  Software  AG 
and  how  the  XML  effect  can  help 
you  unlock  data  assets,  visit 
www.softwareagusa.com  today. 


Imagine  working  with  a  partner  who  has  over  30  years  experience  in  data 
management  including  the  early  shaping  and  development  of  XML. 

Guido  did.  And  now  both  he  and  CompuCredit  are  seeing  imagination  turn 
to  reality. 


G  Soft lil FIRE  RG 

THE  XML  COMPANY 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLUTIONS  I  DATA  MANAGEMENT 


Likewise,  when  equipment  manu¬ 
facturer  John  Deere  undertook  a 
large-scale  implementation  of  SAP’s 
R/3  ERP  solution,  it  also  needed  a 
way  to  interface — in  real  time — with  a 
complicated  legacy  environment.  Mer¬ 
cator’s  Inside  Integrator  did  the  trick, 
cutting  the  costs  of  legacy  data  con¬ 
version  and  other  integration  tasks  by 
as  much  as  80  percent. 

DATA  INTEGRATION  WITH  EAI 

EAI  manages  a  host  of  tasks,  providing 
user  interaction  mechanisms  and  Web 
server-  or  application  server- hosted  busi¬ 
ness  logic  that  integrates  apps,  business 
processes  and  legacy  systems.  But  its  real 
focus  is  data  integration.  By  connecting 
diverse  databases  in  different  locations, 
an  EAI  hub — which  includes  data  trans¬ 
formation  and  messaging  components — 
offers  a  consolidated  view  of  business 


information.  The  hub  transports  data 
reliably  and  securely  between  databases 
in  a  consistent,  repeatable  way. 

Data  manipulation  is  directed  by  an 
EAI  solution’s  connectors  (based  on 
database  triggers,  event-driven,  etc.),  cre¬ 
ating  a  layer  of  abstraction  that  makes 
enhancements  and  maintenance  easier. 

There  are  several  implementation 
options  for  EAI: 

■  Buy  it.  Database-to-application  capa¬ 
bilities  are  available  from  Software  AG, 
IBM,  Oracle,  Sybase,  Computer  Asso¬ 
ciates,  Microsoft  and  Sun  Microsystems. 
EAI  tools  are  sold  by  BEA  Systems, 
Mercator,  SeeBeyond  Technology, 
TIBCO,  Vitria  and  webMethods. 

■  Build  it  (quickly).  Perhaps  better  suit¬ 
ed  to  shorter-term  projects  focusing  on 
data  integration  and  targeting  a  few  key 
applications;  thus,  the  number  of 
processes  and  techniques  to  be 


addressed  is  more  manageable  than 
with  some  large-scale  projects. 

■  Leverage  what  you’ve  got.  Instead  of 
investing  in  a  new  architecture,  expand 
your  application  server  functionality 
with  solutions  like  IBM’s  WebSphere  or 
BEA’s  WebLogic. 

COME  TOGETHER:  XML  AND 
WEB  SERVICES 

While  Web  services  pretty  much 
remain  a  pipedream,  a  lot  of  the  parts 
needed  to  pull  off  production  applica¬ 
tions  are  coming  together. 

■  Vendors  have  heartily  embraced  XML, 
the  key  enabling  standard.  Relational 
database  manufacturers  are  adding  XML 
data-handling  capabilities,  and  business 
giants  like  Wal-Mart  are  insisting  on 
XML  format  for  invoices  and  the  like. 
While  the  bulk  of  enterprise  data  resides 
in  file  systems  rather  than  in  relational 


NEW  SOLUTION 

LONG  &  FOSTER  FINDS  CONSOLIDATION  SAVINGS  WITH  COMMVAULT 


;  The  throughput  we’re  getting  with  Commvault’s  Backup  and 
!  Recovery  software  has  been  very  impressive,”  says  Chris 
J  Saben,  network  architect  at  real  estate  services  provider, 
Long  &  Foster.  “More  importantly,  it’s  given  us  the  comfort  level  we 
needed  to  go  forward  with  our  storage  consolidation  plans.” 

As  Saben  sees  it,  confidence  in  consolidating  is  quickly  lost  if  you 
can’t  restore  rapidly.  But  since  integrating  Commvault’s  Backup  and 
Recovery  software  for  Microsoft  Exchange  into  its  newly  installed 
23  terabyte  SAN,  Long  &  Foster’s  throughput  per¬ 
formance  has  surged  from  22  gigabytes  an  hour 
to  48  gigabytes  an  hour— reducing  backup  and 
restore  time  frames  considerably  and  opening 
the  door  for  storage  consolidation. 

“Capturing  our  primary  backups  onto  the  SAN 
means  we  can  stop  using  so  many  tapes,”  explains  Saben.  “By  back¬ 
ing  up  to  the  SAN  first,  we’re  reducing  our  backup  windows,  allowing 
us  to  back  up  more  servers  in  less  amount  of  time.  Then  during  the 
day,  those  backups  are  moved  off  the  SAN  into  our  large  tape  library 
for  both  long  term  and  off-site  storage.” 

BIGGER  DATABASES  YIELD  SMALLER  COSTS 

Moreover,  with  a  restore  time  of  48  gigabytes  per  hour,  Long  &  Foster 
can  now  comfortably  put  larger  Exchange  databases  on  its  servers 
and,  for  example,  cut  the  number  of  Exchange  servers  needed  to  han¬ 
dle  its  mailboxes  from  ten  to  three. 

“It’s  the  difference  between  spending  $60,000  versus  $200,000  on 
servers— that’s  a  huge  savings.  The  combination  of  Commvault’s 


QiNetix  data  management  tools  and  our  SAN  enables  us  to  realign  our 
assets,  to  better  meet  our  future  needs  without  forcing  us  to  make 
large  expenditures  in  infrastructure,”  notes  Saben. 

In  addition  to  the  big  benefits  of  high  throughput,  CommVault’s  deci¬ 
sion  to  drive  its  solution  off  an  SQL  engine,  says  Saben,  delivers  a 
more  robust  database  and  its  use  of  Windows  drivers  means  Long  & 
Foster  can  adapt  quickly  to  new  backup  technologies. 

Saben  also  credits  CommVault  Support  with  the  ability  to  take 
“ownership’  of  a  problem  and  anticipates  deploy¬ 
ing  QiNetix  software  to  solve  other  data  manage¬ 
ment  issues.  In  fact,  Long  &  Foster  already  have 
plans  to  use  QiNetix  DataMigrator  software  to 
make  archived  data  rapidly  accessible. 

“The  combination  of  Commvault’s  QiNetix  data 
management  tools  and  our  SAN  enables  us  to  realign  our  assets,  to 
better  meet  our  future  needs  without  forcing  us  to  make  large  expen¬ 
ditures  in  infrastructure,”  he  adds. 

Long  &  Foster  CIO  Michael  Koval  is  also  highly  impressed  with  the 
benefits  of  Commvault’s  Backup  and  Recovery  software. 

“Long  &  Foster  provides  the  most  robust  IS  support  in  the  real 
estate  business,  and  Commvault  offers  a  substantial  value  proposi¬ 
tion,  in  terms  of  performance  and  cost,  that  helps  Long  &  Foster  to 
maintain  its  lead  in  the  industry,”  he  says. 


For  more  information  on  Commvault  QiNetix  enterprise  data 
management  solutions  for  Windows,  UNIX,  Linux  and  Netware 
platforms,  visit  www.commvault.com. 


CommVault 

Systems 


10 STRATEGIC  DISSECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


D ATI  AND  STORAGE  SOLUTIONS 


C&D  MANAGEMENT 


CONTENT  AND 

DOCUMENT  MMUCEMENT: 

dcmihgwiti  UNSimreniRED  nm 


databases,  hybrid  SQL/XML  databases 
signal  that  business  documents  will  no 
longer  be  beyond  the  reach  of  SQL- 
based  querying  and  analysis. 

■  The  two  competing  infrastructures — 
J2EE  (available  on  application  servers 
from  IBM,  Oracle,  Sun  Microsystems, 
Sybase  and  BEA)  and  Microsoft’s 
.NET — can  now  furnish  the  back-end 
conduits  that  connect  Web  services 
component  architectures. 

■  New  standards  supporting  a  range 
of  business  processes  across  diverse 
systems  and  database  environments 
are  emerging:  BPEL4WS  (Business 
Process  Executive  Language  for  Web 
Services),  WS-TX  (Web  Services 
Transactions)  and  WS-C  (Web  Ser¬ 
vices  Coordination),  as  well  as  initia¬ 
tives  by  Web  services  standards  bod¬ 
ies  such  as  XML  Digital  Signatures 
and  Security  Assertion  Markup  Lan¬ 
guage  (SAML). 

■  Standards  addressing  Web  services 
development  will  ease  data  integration 
challenges.  The  ANSI  SQL/XML  stan¬ 
dard,  for  instance,  transforms  data 
between  XML  and  SQL  formats  so  that 
developers  can  write  one  XML  application 
that  will  work  across  multiple  relational 
databases  without  specialized  knowledge 
of  database  vendors’  XML  extensions. 

Some  worry  that  its  overhead — text 
strings  rather  than  binary — make  XML 
transmissions  too  bulky  and  slow  for 
real-time  applications.  Yet  for  the  85 
percent  of  apps  that  don’t  require  real¬ 
time  performance,  XML  will  have  an 
enormous  impact  as  vendors  and  their 
customers  develop  XML- enabled  data 
architectures.  Consider  Bosch  Rexroth, 
a  maker  of  electric  drives  and  controls 
and  hydraulics.  After  it  turned  to  Soft¬ 
ware  AG’s  Tamino  XML  server  to  house 
all  product  information  and  integrate 
databases  of  images  and  technical  tables, 
its  cross -media  publishing  tasks — such  as 
catalogs  and  brochures — became  so 
much  more  efficient  that  the  system 
paid  for  itself  in  18  months.  SD 


Most  of  the  information  that 
drives  the  business  still 
resides  in  non-relational 
applications.  It’s  unstruc¬ 
tured  data  that  cannot  be 
transformed  into  intelli¬ 
gence  using  the  same  tools 
and  techniques  that  have 
traditionally  worked  on  structured  data. 

And  there’s  plenty  of  it  too:  At  the 
end  of 2001,  more  than  3  billion  docu¬ 
ments  could  be  accessed  on  the  public 
Internet,  a  volume  that,  according  to 


search  engine  Google,  is  doubling  every 
eight  months.  No  wonder  employees 
spend  more  time  gathering  information 
than  using  it. 

ENTERPRISE  CONTENT  MANAGEMENT 

The  challenge:  To  enhance  the  quality 
and  longevity  of  information  that 
resides  in  documents,  yet  keep  the  con¬ 
tent  accurate,  complete,  up-to-date, 
easy  to  access  and  relevant. 

This  can  be  accomplished  using 
content  management  systems  (CMS) 
that  handle  interactive  formatting, 
content  modification  and  distribu¬ 
tion.  CMSs  use  standard,  vendor-neu¬ 
tral  techniques  and  separate  produc¬ 
tion  and  distribution  environments. 


Content  management  solutions  usu¬ 
ally  accelerate  information  delivery 
cycles,  permit  multiple  output  chan¬ 
nels  as  well  as  information  personal¬ 
ization  and  make  content  easier  to 
locate  and  use. 

Among  the  capabilities  CMSs  can 
spread  enterprise- wide: 

■  Furnish  a  common  interface  for  all 
content  types,  structured,  unstructured 
and  image-based; 

■  Tag  metadata  via  automated  document 
categorization  and  summarization; 


■  Control  document  versioning,  access 
and  the  ability  to  edit  based  on  job 
function; 

■  Use  document  workflow  rules  to 
ensure  accuracy; 

■  Establish  time  limits  on  how  long 
information  stays  online  and  automati¬ 
cally  update  linked  documents  after 
changes. 

■  Consider  the  city  of  Munich,  Germany, 
whose  planners  chose  Software  AG’s 
Tamino  XML  server  and  a  Web  portal  to 
cope  with  an  out- of- control  document 
volume.  The  server  manages  document 
metadata  and  controls  portal  communi¬ 
cation.  With  the  CMS,  document  pro¬ 
cessing  times  have  been  cut  by  between 
25  percent  and  60  percent.  SD 


THE  VOLUME  OF  DOCUMENTS  ACCESSED 
ON  THE  INTERNET  IS  DOUBLING  EVERY 
EIGHT  MONTHS.  NO  WONDER  EMPLOYEES 

SPEND  MORE  TIME  GATHERING _ 

INFORMATION  THAN  USING  IT. _ 


STRATEGIC  DIRECTIONS  11 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLUTIONS 


STORAGE  MANAGEMENT 


STORAGE  MANAGEMENT: 

SOLUTIONS  THAT  CONSOLIDATE  AND  AUTOMATE 


According  to  research  by 
the  Enterprise  Storage 
Group,  a  picture  is  worth 
about  18,000  words.  All 
those  bits  and  bytes  are 
adding  up  fast  too:  the 
amount  organizations  are 
spending  on  data  storage 
this  year  is  over  100  per¬ 
cent  more  than  they  spent  in  2001. 

Piling  on  more  storage  hardware — 
a  tempting  proposition  as  storage  hard¬ 
ware  costs  drop  dramatically — only 
makes  storage  infrastructures  more  com¬ 


plex  and  tougher  to  manage.  Besides, 
storage  utilization  levels  are  so  low  that 
more  than  half  of  typical  host  storage  is 
unused.  Buy  more,  waste  more. 

Still,  many  enterprises  rely  on 
direct-attached  storage  that  can’t  be 
shared  and  is  tough  to  safeguard.  For 
decentralized,  heterogeneous  IT  envi¬ 
ronments,  the  costs  and  hassles — strug¬ 
gles  to  meet  service  levels,  inconsistent 
data  integrity  and  security,  and  rigid 
infrastructure — are  becoming  over¬ 
whelming  in  the  face  of  demand  for 
more  data,  more  quickly,  more  often. 


The  good  news  is  that  there’s 
something  a  CIO  can  do  about  it:  con¬ 
solidate  storage  resources,  a  task  most 
effectively  accomplished  with  net¬ 
worked  storage. 

BEYOND  GOST  CONTAINMENT 

For  many,  bringing  rationality  to  stor¬ 
age  woes  begins  with  a  simplification 
and  recentralization  of  storage 
resources.  At  a  time  when  data  storage 
is  gobbling  up  more  of  the  budget, 
consolidating  storage  can: 

■  Lower  system  administration  overhead.  A 


CASE  STUDY 


LllJ 


obliss,  a  leading  mobile  media  company,  is  the  workhorse 
behind  the  real-time  voting  and  polling  which  is  fast 
becoming  a  ‘must  have’  for  reality  and  sports  shows. 

In  2002  the  company  expanded  the  size  and  scale  of  its 
offering  linking  it  to  TV  for  a  real-time  presence  that 
prompts  viewers  to  “vote”  via  text  messaging. 

Not  knowing  how  much  traffic  it  would  receive,  Mobliss’  vice  president  of 
infrastructure,  Hernan  Alvarez,  and  his  team  looked  for  a  storage  solution 
that  could  ramp  up  quickly. 

“We  knew  success  meant  finding  a  fast,  reliable, 
scalable  storage  solution,”  says  Alvarez.  “We  looked 
at  a  number  of  alternatives  but  nothing  compared  to 
EMC’s  CLARiiON  CX200— it’s  simply  the  best  entry- 
level  array  out  there,  period.  And  it  was  very,  very 
easy  to  get  up  and  running— we  had  a  pair  of  databases  talking  to  that  sys¬ 
tem  in  minutes  and  it’s  been  running  without  a  hiccup  since.” 

IN  PLACE  UP  GRADES 

One  of  the  major  CX200  draws,  says  Alvarez,  is  the  data-in-place  upgrades. 

“Not  knowing  how  scalable  we  will  need  to  be  makes  the  in-place  upgrades  a 
key  for  us,”  he  explains.  “The  ability  to  go  from  a  CX200  to  a  CX400  or  CX600 


EMC2 

where  information  lives 


with  data-in-  place,  with  very  little  interruption,  is  significant.  Other  vendors  can 
add  disk,  but  that  alone  does  not  get  you  the  number  of  I/Os  per  second  you 
may  need  for  a  fast  transactional  application  like  real-time  messaging.” 

CONSOLE  COMFORT  AND  MIXING  DRIVES 

Alvarez  is  also  pleased  with  CLARiiON’s  Navisphere  management  software, 
which  he  says  is  intuitive  and  requires  little  training. 

“Navisphere  is  a  great  management  tool,”  says  Alvarez.  “We  know  what 
each  individual  disk  is  doing  and  the  ability  to  manage 
everything  about  the  array  from  the  console  is 
extremely  productive.” 

Mobiiss  is  aiso  looking  forward  to  leveraging  ATA 
drive  technology. 

“Mixing  your  high-speed  fibre  drives  with  lower 
speed,  high-capacity  ATA  drives  is  very  attractive;  the  price  per  megabyte 
is  so  low,”  notes  Alvarez.  “We  have  a  lot  of  storage  we  don’t  need  at  break¬ 
neck  speeds;  but  we  want  it  to  be  there  at  acceptable  speeds,  with  the 
same  reliability  as  our  high-speed  data.  The  ability  to  intermix  in  a  single 
product  line  is  huge;  we’ll  definitely  be  investing.” 

For  more  information,  contact  www.emc.com 


12STRATE6IC  DIRECTIONS 


SERVERS 


EMC2 

where  information  lives 


TO  S  PE  ED  ’  BA  C  i<  U  P  AN  D  RE  COVER  Y,  ’  C  U  T  A  LON  g’dOTT  E  D  l"  IN  E 


STORAGE 


Separating  storage  and  server  purchases  is  the  first  step  to  faster,  more  secure  backup.  With  networked  storage  from 
EMC,  you  can  consolidate  all  your  information,  protect  it  better,  and  manage  it  more  efficiently.  And  with  solutions 
starting  at  $9,995,  the  EMC  CLARiiON  CX  Series  delivers  world-class  storage  at  a  surprisingly  affordable  price. 

Take  advantage  of  our  special  offers  at  www.EMC.com/growthcompanies.  Or  call  1-866-796-6369. 


EMC2 


VELOCITY2 

PARTNER 


Find  an  authorized  EMC  Velocity  Partner 
at  www.EMC.com/velocity 


CX  Series  starting  at 

s9>995 


EMC,2  EMC,  and  CLARiiON  are  registered  trademarks  and  where  information  lives  is  a  trademark  of  EMC  Corporation.  ©2003  EMC  Corporation.  All  rights  reserved. 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS I  STORAGE  HANAGENENT 


simpler  storage  infrastructure  can  mean 
fewer  data  centers,  less  maintenance, 
trimmed  staff  costs  and  reduced  licensing 
fees.  After  Blue  Cross  and  Blue  Shield  of 
Tennessee  (BCBST)  consolidated  its  data 
storage  into  a  single  networked  environ¬ 
ment  and  implemented  a  storage  area  net¬ 
work  (SAN),  storage  expenditures  dropped 
by  60  percent  and  maintenance  costs  went 
down  70  percent.  Add  in  space  reduction, 
staff  avoidance  costs  and  productivity 
improvements,  and  the  savings  amount  to 
between  $1.5  million  and  $2  million  a  year. 
■  Boost  storage  utilization.  Why  are  stor¬ 
age  resources  so  poorly  utilized?  Mosdy 
because  of  inadequate  connectivity.  Net¬ 
worked  storage,  which  separates  data 
storage  from  operational  servers  and 
makes  it  available  in  shared  pools  to  end 
users  via  networks,  can  be  dynamically 
allocated  so  that  less  storage  space 


remains  unused.  Storage  resources  of 
varying  types  can  be  added  quickly  when 
and  where  needed — BCBST  boosted  its 
storage  utilization  by  40  percent. 

■  Generate  economies  of  scalability. 
When  combined  with  the  right  man¬ 
agement  software,  networked  storage 
enables  an  organization’s  storage  infra¬ 
structure  to  scale  to  the  growth  of  data 
volumes. 

■  Make  data  management  easier,  even 
as  the  amount  and  complexity  of  data 
and  its  uses  continue  to  grow. 

■  Improve  security  and  business  conti¬ 
nuity  plans.  As  compared  to  labor- 
intensive,  direct- attached  storage,  con¬ 
solidated  storage  solutions  with 
automated  backup  and  high-availabili- 
ty  configurations  can  improve  data 
safety  and  reliability  while  requiring 
less  human  intervention. 


■  Help  align  IT  infrastructure  with  busi¬ 
ness  strategy.  Here’s  your  chance  to  opti¬ 
mize  a  major  chunk  of  IT  infrastructure 
so  it  can  meet  current  and  future  enter¬ 
prise  demands — including  legal  require¬ 
ments  imposed  to  maintain  data  privacy 
and  management  standards. 

■  Facilitate  resource  metering.  Once 
storage  gets  provisioned  from  a  central 
resource,  usage  can  be  monitored, 
measured — and  billed. 

THE  UTILITY  OF  IT  ALL 

Many  believe  all  this  adds  up  to  utility 
computing — a  rejiggering  of  core  data 
center  technologies  in  order  to  trans¬ 
form  the  components  of  IT  infrastruc¬ 
ture,  like  storage,  into  services  for  which 
end  users  can  be  charged. 

But  utility  computing  can’t  happen 
without  storage  management  software. 


STORAGETEK’S  INFORMATION  LIFECYCLE  MANAGEMENT:  NOT  ALL  INFORMATION  IS  CREATED  EQUAL 


n  today’s  demanding  times,  market  conditions  are  forcing  com¬ 
panies  to  reconsider  the  ways  in  which  they  assign  value  to  their 
information.  Budgets  are  flat  or  declining  and  skilled  human 
resources  are  scarce,  while  at  the  same  time,  more  information 
is  flowing  through  businesses  (at 
annual  growth  rates  of  50  to  70  per¬ 


cent),  and  more  laws  and  regulations  are  mandat¬ 
ing  how  long  information  must  be  accessible. 

That’s  why  StorageTek,  a  total  storage  solutions  expert,  created  its 
Information  Lifecycle  Management  approach  to  helping  customers  more 
efficiently  manage  information  from  its  creation  to  deletion. 

For  StorageTek,  Information  Lifecycle  Management  is  more  than  just 
words  on  paper.  It’s  the  way  the  company  approaches  data  storage  and 
solves  information  management  issues  with  its  customers  based  on  two 
key  issues: 

(1)  What  business  decisions  must  the  customers  need  to  make  about 
their  information? 

(2)  How  does  the  value  of  information  change  over  time? 

ONE  SIZE  DOES  NOT  FIT  ALL 

StorageTek,  one  of  a  few  companies  that  provides  a  full  array  of  solutions 
to  meet  the  data  storage  and  archiving  needs  of  businesses,  understands 
that  not  all  data  is  created  equal  and  as  data  moves  through  its  lifecycle  it 


m  i  ;  *  -1 


must  be  managed  and  can  be  stored  on  different  levels  and  increasingly 
cost-efficient  technologies. 

As  a  result,  StorageTek  is  successful  in  the  market  because  it  is 
equipped  to  offer  customers  the  best  solution  that  addresses  their  criti¬ 
cal  information  management  issues,  while  its 
competitors  take  a  “one  size  fits  all”  approach  by 
recommending  the  storage  devices  they  have  to 
sell  instead  of  the  technology  that  best  address¬ 
es  customers’  requirements. 

STORE,  MANAGE,  REPLICATE,  INTEGRATE 

The  building  blocks  of  Information  Lifecycle  Management  are  store,  man¬ 
age,  replicate  and  integrate.  These  four  elements  help  organize  storage- 
related  activities  logically,  and  assure  customers  of  a  proper  cost-benefit 
balance  in  managing  storage. 

Not  surprisingly,  StorageTek’s  customers  are  embracing  Information 
Lifecycle  Management  because  it  provides  them  with  a  solid  foundation  on 
which  they  can  build  their  storage  infrastructure  as  they  grow. 

Through  Information  Lifecycle  Management,  StorageTek  helps  customers 
solve  pressing  strategic  business  issues,  all  while  lowering  the  cost  and 
improving  the  efficiency  of  their  storage  operations. 

For  more  information,  visit  www.storagetek.com 


3 


14 STRATEGIC  DIRECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS  I  STORAGE  MANAGEMENT 


Leading  IT  infrastructure  vendors  like 
IBM,  Hewlett-Packard,  Veritas,  Com¬ 
puter  Associates  and  Sun  Microsystems 
have  committed  to  a  vision  of  utility  com¬ 
puting  that  embraces  elements  of  storage 
management.  As  these  efforts  mature, 
several  kinds  of  storage  management 
capabilities  will  be  integrated  into  them: 

■  Storage  provisioning,  which  dynami¬ 
cally  deploys  and  optimizes  hardware 
resources 

■  Storage  virtualization,  which  logical¬ 
ly  abstracts  storage  from  physical 
resources 

■  Storage  policy-based  management, 
which  helps  set  performance  and  avail¬ 
ability  service  levels 

■  Storage  resource  management  (SRM), 
which  features  billing,  chargeback  and 
capacity  management. 

STORAGE  VIRTUALIZATION 

As  IT  grapples  with  burgeoning  volumes 
of  data  and  the  creeping  complexity  of 
storage  environments,  storage  virtualiza¬ 
tion  solutions  can  offer  some  relief. 

Virtualization  creates  an  abstrac¬ 
tion  layer  that  separates  the  actual 
physical  storage  from  the  representa¬ 
tion  of  storage  to  the  server  operating 
system,  portraying  data  stored  in  any 
number  of  media,  devices  and  loca¬ 
tions  as  being  located  in  one  central¬ 
ized  repository.  This  virtualized  pool 
of  enterprise  data  thus  hides  storage 
infrastructure  complexities.  Every¬ 
one — IT  staffers  as  well  as  end  users 
and  their  business  applications — gets 
a  single,  logical  view  of  all  the  data  in 
the  storage  pool,  allowing  them  to 
directly  access  the  information  they 
need  wherever  it  is. 

Pooling  70  terabytes  of  arrayed 
storage,  DataCore  Software’s  virtual¬ 
ization  appliance  has  boosted  Con¬ 
seco  Finance  Corp.’s  storage  utiliza¬ 
tion  rates  to  85  percent  from  55 
percent,  and  the  time  required  to 
provision  storage  for  new  applications 
has  plummeted  from  four  days  to  just 


an  hour.  The  company  has  saved 
three  times  what  the  DataCore  prod¬ 
uct  cost,  in  part  by  being  able  to 
postpone  the  purchase  of  three  addi¬ 
tional  terabytes  of  storage. 

In  addition  to  virtualization  vendors 
like  Legato  (recently  acquired  by  EMC 
Corp.)  and  DataCore,  several  major 
players  are  stepping  into  the  ring,  among 
them  IBM,  Cisco  Systems,  Hewlett- 
Packard  and  Sun  Microsystems. 

STORAGE  RESOURCES  MANAGEMENT 

Before  data  can  be  migrated  to  a  storage 
area  network  (SAN)  or  a  networked  area 
storage  (NAS)  environment,  it  needs  to 
be  categorized  according  to  such  vari¬ 
ables  as  file  type,  access  date,  owner  and 
business  value.  Without  this  kind  of  gran¬ 
ularity,  conceiving  effective  storage  poli¬ 
cies — essential  to  successful  storage  con¬ 
solidation  projects — is  tough  to  do. 

This  type  of  categorization  is  per¬ 
formed  by  storage  resource  manage¬ 
ment  (SRM)  tools,  which  collect  infor¬ 
mation  about  storage  assets,  place  it  in 
a  central  repository  and,  using  analyti¬ 
cal  tools,  optimize  storage  assets  and 
anticipate  storage  requirements. 

Even  though  SRM  tools  tend  not 
to  initiate  actions,  they  generate  signifi¬ 
cant  ROI,  since  the  alternative  requires 
manually  analyzing  and  categorizing 
enormous  volumes  of  data.  Many  com¬ 
panies,  including  Veritas,  IBM  and 
Computer  Associates,  offer  SRM  prod¬ 
ucts.  Integrated  with  storage  policy  and 
virtualization  capabilities  that  allow  them 
to  automate  service-level  management, 
data  path  optimization,  provisioning  and 
so  on,  SRM  tools  will  become  key  to 
infrastructure  management. 

To  get  the  most  from  SRM,  look 
for  products  that  deliver  active,  policy- 
based  management  that  permit  file- 
level  automation  across  heterogeneous 
platforms  and  initiate  corrective  actions 
to  help  maintain  storage  asset  availabil¬ 
ity.  They  should  also  manage  data 
within  mission-critical  applications 


(such  as  Microsoft  Exchange,  SQL 
Server,  Oracle)  so  you  can  get  a  con¬ 
solidated  view  of  storage  assets. 

“No  organization  should  be  with¬ 
out  an  SRM  solution,”  says  Nancy  Mar- 
rone,  senior  analyst  at  Enterprise  Stor¬ 
age  Group.  “These  tools  provide 
information  on  how  resources  are  being 
utilized,  who  the  users  are,  and  what 
types  of  files  and  data  are  being  stored. 
SRM  solutions  can  help  organizations 
reclaim  wasted  space,  more  effectively 
utilize  their  resources  and  predict  when 
they’ll  need  additional  capacity.  The 
solutions  aren’t  too  expensive  and  help 
reduce  total  cost  of  ownership.” 

SAN  MANAGEMENT  TOOLS 

Highly  specialized  SAN  management 
tools  supply  the  physical  layer  of 
storage  management  by  identifying,  con¬ 
figuring,  allocating  and  deploying  storage 
assets  in  heterogeneous  environments. 

EMC’s  Control  Center,  for  instance, 
features  array  management,  while  McDa- 
ta’s  SANavigator  is  a  fabric  manager. 
Other  products,  such  as  Veritas’  SAN- 
Point  Control,  EMC’s  VisualSAN  and 
InterSAN’s  Pathline,  are  designed  to 
work  in  heterogeneous  environments. 

Storage  management  vendors  are 
working  to  combine  the  capabilities  of 
both  SRM  and  SAN  tools  to  optimize 
storage  use  in  real  time,  according  to 
established  policies  and  processes. 
Active  storage  management  tools  are 
being  developed  by  Veritas,  EMC, 
IBM,  Hewlett-Packard  and  Sun 
Microsystems,  among  others. 

INFORMATION  LIFECYCLE 
MANAGEMENT 

Not  all  data  is  created  equal.  Organiza¬ 
tions  “embrace  information  lifecycle 
management  because  they  understand 
that  the  value  of  data  changes  over 
time,”  says  Pat  Martin,  chairman,  pres¬ 
ident  and  CEO  of  StorageTek. 

The  value  of  data,  adds  Steve 
Duplessie,  a  senior  analyst  at  the 


STRATEGIC  DIRECTIONS  15 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLUTIONS  I  STORAGE  MANAGEMENT 


Enterprise  Storage  Group,  “is  the  one 
overlooked  variable  that  really  screws 
everything  else  up.  We  tend  to  treat 
data  the  same  from  inception  to  death, 
but  clearly  the  value  of  the  data 
changes  over  time,  and  as  such  should 
be  treated  differently.” 

Information  lifecycle  management 
(ILM)  software  addresses  this  problem 
with  the  concept  of  a  lifecycle:  data  is 
treated  uniquely  according  to  its  com¬ 
parative  value,  and,  as  that  value 
changes,  the  level  of  accessibility  and 
protection  it  gets  is  altered  dynamical¬ 
ly.  The  result:  better  quality  of  service 
at  reduced  cost. 

Sounds  good,  but  it’s  tough  to 
implement  in  the  heterogeneous,  net¬ 
worked  IT  environments  that  serve 
many  organizations.  Many  tasks — 
including  the  ability  to  understand  data 
within  the  context  of  its  file  system  or 
application  as  well  as  data  replication, 
volume  management/virtualization, 
migration  and  archiving — must  be  coor¬ 
dinated  across  a  variety  of  network,  sys¬ 
tem  and  storage  platforms. 

Well-designed  data  and  storage  man¬ 
agement  policies  can  help,  says  analyst 
Steve  Kenniston  of  the  Enterprise  Stor¬ 
age  Group,  calling  them  “the  beginning 
of  true  information  lifecycle  management 
and  the  ability  to  monitor  data  growth 
better  for  planning  purposes.  By  manag¬ 
ing  what  data  lives  where  and  at  what 
time,  you  can  control  how  data  is  pro¬ 
tected  and  increase  protection  levels.” 

THE  CHALLENGES 

What  does  it  take  to  make  storage  con¬ 
solidation  happen? 

Security.  “There  are  certain  vulner¬ 
abilities  that  are  introduced  when  con¬ 
solidating  and  networking  data,”  says 
Enterprise  Storage  Group’s  Marrone. 
“The  benefits  of  consolidation  may  out¬ 
weigh  the  risks,  but  organizations  must 
perform  additional  security  assessments 
to  make  sure  data  is  secure.  Data 
deemed  critical  to  the  business  should 


be  protected  by  more  than  just  an  exter¬ 
nal  firewall.”  She  suggests  encryption 
for  “data  at  rest”  so  that  critical  infor¬ 
mation  is  not  compromised. 

Getting  everybody  together. 
“The  first  thing  a  CIO  needs  to  do,” 
says  Hugh  Hale,  director  of  technical 
services  at  Blue  Cross  and  Blue  Shield 
of  Tennessee  (BCBST),  “is  to  make  cer¬ 
tain  all  of  IT’s  various  support  groups 
come  together  and  develop  one,  broad 
strategy.  Convincing  all  the  technical 
support  groups  to  play  together  is  the 
biggest  challenge.” 

Hale  advises  focusing  on  each  group 
and  getting  them  to  consider  potential 
solutions  from  an  enterprise  perspective: 
What’s  the  most  efficient?  What  works 


significant,  sustained  inter¬ 
ruption  of  enterprise  opera¬ 
tions  or  information  flow  can 
drive  a  company  right  out  of 
business.  Adding  to  the  pres¬ 
sure  are  recently  passed  laws 
and  initiatives — including  the 
Graham- Leach-Bliley  Finan¬ 
cial  Services  Modernization  Act,  the 
Healthcare  Information  Portability  and 
Accountability  Act  (HIPAA)  and  the 
European  Data  Privacy  Directive — that 
hold  organizations  responsible  when 
personal  data  goes  astray  or  corporate 
information  isn’t  preserved. 

Yet  according  to  the  research  firm 
Gartner,  fewer  than  30  percent  of  For¬ 
tune  2000  companies  actually  have  a 
full  business  continuity  plan  in  place. 
Fortunately,  there  are  more  ways  than 
ever  to  safeguard  data  and  the  systems 
that  move  and  store  it. 


best  for  everyone?  For  the  community? 

He  also  suggests  putting  the  problem 
and  proposed  solution  to  management: 
Convince  company  executives  that  creat¬ 
ing  a  homogeneous  environment  is  so 
much  better  in  the  long  run.  Hale  says. 

“I  had  to  explain  to  them  that, 
yes,  while  it’s  true  I  could  buy  a  server 
that  is  better  than  the  ones  we  have 
installed,  if  you  take  a  look  at  the  total 
environment,  the  homogeneous  envi¬ 
ronment  is  easier  to  manage,  takes  the 
least  amount  of  staff,  and  we  get 
tremendous  vendor  support,”  he 
recalls.  “We  found  discussions  center¬ 
ing  on  reliability  and  availability  of  the 
applications  very  effective  in  getting 
executive  buy-in.”  SD 


DEVELOPING  A  BUSINESS 
CONTINUITY  PUN 

The  challenge  is  to  understand  your 
business  sufficiently  that  you  can  deter¬ 
mine  which  processes  it  needs  to  stay 
alive,  and  then  ascertain  all  the  essen¬ 
tials — physical  facilities,  employees, 
skills,  training,  etc. — necessary  to  those 
processes.  Some  best  practices: 

Assessing  risk:  Do  you  under¬ 
stand  your  business?  To  figure  out 
where  your  organization  is  vulnerable, 
you’ll  need  to  assign  a  project  team  that 
consists  of  IT,  security  and  business  unit 
staff.  The  team’s  job  is  to  identify  and 
prioritize  mission-critical  business 
processes  and  evaluate  downtime  costs. 
Their  deliverables:  conclusions  about  the 
costs  of  downtime  for  your  business, 
what  it’ll  take  to  recover  the  availability 
of  key  processes  and  what  kinds  of  serv¬ 
ice  availability  key  applications  require. 


ROSINESS  CONTINUITY 

MID  DISASTER  RECOVERY: 

PREVENTING  BUSINESS  INTERRUPTION 


16STRATEGIC  DIRECTIONS 


ADVERTISING  SUPPLEMENT 


I 


I  Realize  The 
DASD  Cost 
Per  Megabyte 
Is  Going 

•OWN...  I 


SECURITY  SOLUTIONS  CENTER 


And  the  cost  of  DASD  is  more  than  just 
the  acquisition  cost,  there  is  the  cost  of  backing 
up  the  storage,  the  telecommunication  cost  of 
replication  and  the  management  cost.  Wouldn't 
it  be  better  to  manage  the  DASD  you  already 
have  before  you  buy  more? 


Know 


When  It's  FREE! 

For  more  information  on  how  to  increase 
your  utilization  and  manage  your  mainframe 
DASD  more  effectively,  contact  DTS  Software  at 
770-922-2444  or  email:  info@DTSsoftware.com. 


SOFTWARE,  INC. 


Rorke  Data,  a  subsidiary 
of  Beil  Microproducts 

Email:  lprke@porke.com 
Phone:  800-328-8147x7880 

www.rorke.com/enterprise/ 

Data  Storage  &  Email  Solutions  that  meet  regulatory  compliance 
for  SEC  17a-4,  Sarbanes-Oxely  &  HIPAA. 

Open  and  Scalable  solutions  that  integrate  high  speed,  on-line  disk 
storage  with  regulatory-compliant  WORM  media.  Option  to  inte¬ 
grate  email  management  for  small  to  large  Microsoft  Exchange 
environments  is  available  as  well.  Rorke  Data  solutions  scale  from 
2TB  to  100TB  plus!! 


•I"  DATA  PROCESSING 


Innovation  Data 
Processing 
275  Paterson  Avenue 
Little  Falls,  NJ  07424 
Phone:  973-890-7300 
fax:  973-890-7147 


www.innovationdp.fdr.com 

Innovation  Data  Processing  is  an  enterprise  business  data  protec¬ 
tion  leader  with  the  FDR  Family  of  Storage  Management  products 
including  FDR/UPSTREAM  for  Open  Systems,  and  zLinux,  1AM  for 
VSAM  application  acceleration.  FDRINSTANT  extends  data  replica¬ 
tion  technology  of  storage  vendors  such  as  FlashCopy  with  non-dis- 
ruptive  protection.  FDRPAS  provides  economical  non-disruptive  disk 
and  volume  relocation  making  new  hardware  installation  a  snap. 


3  PAR 

Serving  Information 


3PAR 

E-Mail:  salesinfo@3pardata.Gom 
Phone:  888-372-7226 


www.3pardata.com 

3PAR  Utility  Storage  is  an  intelligent  and  highly  functional  disk  array 
subsystem.  With  breakthrough  hardware  and  software  innovtions, 
3PAR  overcomes  the  complexities,  cost,  and  functional  limitations 
of  current  storage  solutions.  3PAR  has  delivered  Utility  Storage 
solutions  to  the  government  sector,  both  to  the  U.S.  and  abroad, 
and  to  the  commercial  sector,  which  includes  financial  services, 
technology,  bio-pharmaceutical,  and  telecom  companies. 


For  more  information  and  up  to 
date  storage  research 
and  resources  please  go  to: 

www.cio.com/research/da  ta 


STRATEGIC  DIRECTIONS  17 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLOTIOHS I  DISASTER  RECOVERY 


Designing  business  continuity 
and  recovery  plans.  Repeatable  recov¬ 
ery  strategies  and  processes  are  delineat¬ 
ed,  including  die  formalizing  of  business 
continuity  policies,  management,  and 
auditing  and  creation  of  crisis  manage¬ 
ment  teams  and  procedures.  Service  lev¬ 
els  should  be  defined  using  classification 
systems  that  lay  out  requirements  for 
infrastructure,  operations  architecture 
and  development  endeavors. 

Building  a  business  continuity 
response.  As  business  continuity  designs 
are  assembled,  detailed  plans  and  rou¬ 
tines  are  formulated  for  those  handling 
daily  operations.  Then,  as  much  as  pos¬ 
sible  (since  some  plans  may  not  be 
testable),  they’re  tested.  And  tested. 
And  tested  again.  This  begins  an  itera¬ 
tive  process — ongoing  testing  results  in 
adjustments  to  the  plan,  improving 
chances  of  surviving  a  disaster. 

Monitoring  and  maintenance. 
Because  business  requirements  are  always 


changing,  business  continuity  plans  must 
be  frequently  updated.  Part  of  your  busi¬ 
ness  continuity  plan  design  and  construc¬ 
tion  should  address  procedures  for 
reviewing  the  plan  and  making  changes 
as  necessary.  Testing  should  be  continu¬ 
al — and  don’t  forget  staff  rehearsals. 

Continuity  in  the  culture.  If  busi¬ 
ness  continuity  processes  are  integrated 
into  every  project  life-cycle  and  change 
management  process,  then  continuity 
and  recovery  requirements  can  be 
understood  and  incorporated  as  new 
projects  and  processes  are  initiated. 
You’ll  also  need  a  continuing  campaign 
to  improve  business  continuity  policy 
awareness  and  management  practices 
across  the  organization. 

TECHNOLOGIES  THAT  MAKE  BUSINESS 
CONTINUITY  PUNNING  EASIER 

To  provide  true  continuity  for  critical 
business  processes,  not  just  critical  data, 
companies  must: 


■  Maintain  a  variety  of  redundancies 
dedicated  to  business  continuity, 
including  redundant  network  capaci¬ 
ty,  electrical  supplies  from  different 
power  grids  and  offsite  location  of 
failover  gear 

■  Assure  immediate  availability  of  ade¬ 
quate  latent  capacity  to  sustain  rapid 
failover  and  recovery 

■  Find  ways  to  test  capacity  availability 
without  disrupting  current  operations. 

Among  the  technologies  that  make 
these  efforts  easier: 

High-availability  solutions  that 
enable  organizations  to  recover  in  min¬ 
utes  rather  than  days.  3PARdata’s  stor¬ 
age  servers,  for  instance,  combine  hard¬ 
ware  and  software  fault  tolerance  so 
software  can  be  upgraded  online,  and 
are  scalable  from  entry-level  installa¬ 
tions  to  large,  centralized  systems. 

Distributed  applications  architec¬ 
tures  in  which  applications  architectures 
inhabit  several  active  physical  sites  so 


COMPANY  PROFILE 


'V;  v  *■'  i  >r, 

c.  '  * 

•  i  vit  }■ 

*  4>V 


T  departments  today  are  under  pressure  to  provide  ever- 
higher  levels  of  service  while  reducing  operational  and 
infrastructure  costs.  To  meet  these  challenges,  more  and 
more  IT  departments  are  shifting  to  a  utility  model  that 
delivers  computing  power  and  stor¬ 
age  capacity  from  shared,  central¬ 


ized  resources. 


VERITAS 


NEW  TOOLS  AND  CAPABILITIES 

Managing  the  utility  model  requires  new  tools  and 

capabilities.  With  the  VERITAS  one-source  SRM  solution,  IT  professionals 

can  facilitate  the  transition  to  utility  computing  from  a  storage  perspective. 

The  VERITAS  SRM  solution  provides  storage  management  from  three 
integrated  products:  VERITAS  SANPoint  Control  covers  physical  storage 
management;  VERITAS  Storage  Reporter  takes  care  of  logical  storage 
management;  and  VERITAS  Service  Manager  for  Storage  performs  busi¬ 
ness  management  functions. 

•VERITAS  SANPoint  Control  provides  centralized,  proactive  management 
of  the  storage  infrastructure.  Seamlessly  integrating  policy  and  perform¬ 
ance  management,  storage  provisioning,  and  zoning  capabilities,  VERITAS 


SANPoint  Control  simplifies  the  complex  tasks  of  managing  and  monitoring 
a  multi-vendor  networked  storage  environment. 

•VERITAS  Storage  Reporter  enables  IT  organizations  to  know  exactly  what 
users,  applications  or  file  types  are  consuming  valuable  storage  space.  With 
Storage  Reporter,  IT  managers  get  a  complete 
view  into  the  usage  of  storage  across  the  enter¬ 
prise,  allowing  them  to  raise  storage  utilization 
rates  to  the  point  where  they  quickly  recover  their 
software  investment. 

•VERITAS  Service  Manager  for  Storage  helps 
organizations  align  IT  strategies  with  business  priorities.  VERITAS  Service 
Manager  allows  IT  to  centrally  manage  delivery  of  IT  storage  services  and 
quantify  the  results  of  expenditures  by  providing  complete  business-level 
reporting  of  storage  utilization,  costs,  and  service-level  delivery. 

The  VERITAS  SRM  Suite  is  the  one-source  solution  for  IT  departments 
seeking  the  most  reliable  and  economical  way  to  meet  storage  and  avail¬ 
ability  requirements. 

For  more  information  about  utility  computing  from  a  storage  per¬ 
spective,  visit  www.veritas.com 


18 STRATEGIC  DIRECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


DATA  AND  STORAGE  SOLDTIONS  I  TDE  ROI  OF  STORAGE 


WHERE  THE  PAYBACKS  ARE: 

THE  ROI  OF  STORAGE  SOLUTIONS 

Here  are  Some  of  the  Results  Companies  Have  Used  to  Support  Their  Business  Cases: 

When  COPIC  Insurance  was  moving  from  a  mainframe  to  an  Oracle  platform,  it  needed  to 
migrate  lots  of  legacy  data  but  lacked  the  SQL  experience  needed  to  do  so.  Using  Informat- 
ica’s  data  integration  platform,  the  migration  was  finished  in  nine  months  (vs.  the  usual  two 
years)  with  just  two  developers,  and  one  migration  project  saw  cost  savings  of  50  percent. 
What’s  more,  COPIC’s  data  warehouse  maintenance  and  support  costs  are  significantly 
lower  and  it’s  easier  to  train  developers. 

Brokerage  house  Legg  Mason  used  Legato’s  DiskXtender  and  ApplicationXtender  to  create 
a  cost-effective  data  management  solution  capable  of  handling  massive  amounts  of  data. 
Working  in  conjunction  with  Legg  Mason’s  corporate  intranet,  the  solution  has  virtually  elim¬ 
inated  the  company’s  need  for  paper  report  delivery  and  storage  and  reduced  the  time  nec¬ 
essary  to  retrieve  client  documentation  from  hours  (sometimes  days)  to  seconds. 

implementing  StorageTek’s  Virtual  Storage  Manager  helped  soy  sauce  maker  Kikkoman 
reduce  the  1,500  magnetic  tapes  required  to  record  its  mission-critical  data  to  just  500 
tapes— a  savings  of  about  67  percent. 

One  of  the  largest  suppliers  of  products  and  services  to  the  global  semiconductor  indus¬ 
try,  Applied  Materials,  realized  a  $2  million  savings  in  storage  costs  in  the  first  year  after 
implementing  OuterBay’s  LiveArchive  software— and  has  saved  $1  million  in  storage  costs 
every  year  since.  Applied  Materials  was  also  able  to  reduce  database  growth  rate  from  156 
gigabytes  to  16  gigabytes  a  year— an  annual  growth  rate  reduction  of  90  percent. 

Application  services  provider  USinternetworking,  Inc.  (USi),  reports  getting  four  to  five  times 
better  backup  speed  with  Veritas  NetBackup  DataCenter  compared  to  its  previous  solution.  USi 
is  also  able  to  restore  any  server  or  packaged  application  completely  from  the  ground  up.  SD 


that  if  one  center  goes  down  the  others 
can  still  process  application  requests. 

Load  balancing  across  multiple 
physical  sites  (generally  for  non-transac¬ 
tional  apps)  and  hot  standby,  a  redundant 
application  environment  that’s  available 
when  an  outage  hits  the  primary  physical 
site,  for  transaction  applications  alleviate 
the  complexity  of  multiple-site  design 
and  ease  conflict  resolution.  This  reduces 
complexity  and  improves  the  chances  for 
conflict  resolution.  For  hot-standby  and 
load  balanced  sites,  data  is  often  replicat¬ 
ed  between  sites  via  mirroring  or  shad¬ 
owing  (at  the  transaction  or  data  level). 

Data  replication — notably  mir¬ 
roring  and  shadowing — are  used  often 
with  load-balanced  and  hot-standby 
sites,  replicating  databases  and  file  sys¬ 
tems.  Point-in-time  replicas  synchro¬ 
nize  backup  and  recovery  across  mul¬ 
tiple  systems. 

Clustering,  which  replicates  data 
between  sites,  monitors  site  availability 
and  responds  to  outages  by  conduct¬ 
ing  automated  recovery  at  the  alterna¬ 
tive  site. 

Snapshots  capture,  well,  snap¬ 
shots  of  data.  EMC  Corp.’s  Snap, 
which  works  with  the  firm’s  Symmetrix 
DMX  networked  storage  products, 
generates  pointer-based  snapshots  of 
production  data  volumes. 

Storage  management  software 
delivers  the  ability  to  move  files  quick¬ 
ly  and  recover  even  the  largest  data  files 
in  minutes.  StorageTek’s  Application 
Storage  Manager,  for  example,  exploits 
storage  virtualization  and  automates 
data  management  and  retrieval  across 
the  storage  hierarchy  via  user-defined 
data  policies. 

DTS  Software’s  Storage  Control 
Center  is  comprised  of  an  integrated 
suite  of  storage  management  programs 
that  handle  backup,  debugging,  uti¬ 
lization  monitoring,  disk  space  recov¬ 
ery,  and  DASD  and  tape  management. 

Rorke  Data’s  global  namespace 
management  applications  allow  clients  to 


access  files  without  knowing  their  loca¬ 
tion.  Administrators  can  aggregate  file 
storage  across  heterogeneous,  geograph¬ 
ically  distributed  storage  devices,  and 
view  and  manage  it  as  a  single  file  system. 

Vendors  are  also  working  together 
to  create  comprehensive  business  conti¬ 
nuity  solutions.  For  instance,  EMC  has 
joined  with  Legato  and  Nortel  Networks 
to  offer  a  solution  that  allows  disparate 
data  centers  to  behave  as  one.  In  event  of 
an  outage,  transactions  are  automatically 
rerouted  to  an  alternate  site  without 
requiring  restore  or  restart  procedures. 

BlueStar  Solutions,  a  provider  of 
hosted  enterprise-class  applications,  is 
using  Veritas’  Volume  Replicator  to 
shrink  data  loss  to  no  more  than  15 
minutes  (with  a  guarantee  that  the  data 
is  consistent  and  applications  can  be 


brought  back  up).  BlueStar  has  also 
reduced  downtime  to  only  10  minutes 
from  start  to  systems  recovery  in  its 
alternate  data  center  using  Veritas’ 
Global  Cluster  Manager. 

Innovation  Data  Processing’s 
enterprise  storage  management  soft¬ 
ware  has  helped  M&T  Bank’s  enter¬ 
prise  storage  department  take  on  back¬ 
up  tasks  without  needing  dedicated 
tape  drives  to  do  it. 

Unified  enterprise  data  manage¬ 
ment  solutions  ensure  high-perform¬ 
ance  data  protection,  universal  avail¬ 
ability  and  simplified  management  of 
complex  storage  networks.  The  Com- 
mVault  software  platform,  for  instance, 
integrates  backup  and  recovery,  data 
migration,  data  high  availability  and 
storage  management  software.  SO 


STRATEGIC  DIRECTIONS  19 


H  .v 


TOP  THE 


mm 


software  c 


storage 


lerved.  VERITAS,  ami  the  VEHITAS  Logo  Reg.  U.S. 


Only  VERITAS  detects,  diagnoses,  and  corrects  performance  problems  from  application 
to  storage  array.  Stop  the  finger  pointing  by  pointing  your  browser  to  veritas.com 


VERITAS 


Your 

VENDOR 

RELATIONSHIPS 

“"CONTROL 


YOU  NEED  TO  GET  SMART  FAST 


Do  you  know  how  to  break  through  vendor  hype?  How  far 
can  you  trust  vendor  analysts?  Can  you  successfully  nego¬ 
tiate  with  vendors?  Should  you  take  customer  references 
with  a  grain  of  salt?  Do  you  know  how  to  influence  vendor 
development?  Turn  to  the  CIO  FOCUS™  on  SOFTWARE 
VENDOR  RELATIONSHIPS:  SELECTING,  VETTING  AND 
MANAGING  PARTNERS— actionable  information  created, 
filtered  and  packaged  by  the  award-winning  editors  of  CIO 
magazine. 


CIO  FOCUS™  is  delivered  right  to  your  desktop,  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours.  Available  now  at 
an  introductory  price. 


CIO  FOCUS™ 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Fundamentals  of  the  CIO  Role 

Applied  Wireless:  Making 
Wireless  Work  in  Business 

Securing  Information  Assets: 
Planning,  Prevention  and 
Response 

The  Elite  CIO:  Going  Beyond 
the  Basics 


CIO  FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


The  Resource 
for  Information 
Executives 


EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.TheCIOStore.com 


trendlines 


On  the  Move 


By  Meridith  Levinson 


Deasv  Sees  Opportunity 
at  Troubled  Tyco 


AFTER  THREE  AND  a  half  years  of  tireless 
politicking,  relationship  building  and  air 
travel,  Dana  Deasy  felt  he  had  accomplished 
what  he  had  set  out  to  do.  As  vice  president 
and  corporate  CIO  of  the  Americas  for 
Siemens,  Deasy  had  aligned 
the  company’s  15  North 
American  CIOs  around  a 
global  IT  strategy.  Now,  Deasy 
felt,  he  had  effectively  become 
the  “Maytag  repairman  of 
Siemens.”  (Read  more  about 
his  work  at  Siemens  in  “The 
World  According  to  Deasy,” 
unvw.  do.  com/printlinks.) 

So  when  he  received  a  call 
in  May  from  a  recruiter  with 
Russell  Reynolds  Associates 
while  waiting  for  yet  another  flight,  Deasy 
was  poised  to  hear  the  recruiter’s  pitch  to 
become  a  company’s  first-ever  global 
CIO — even  though  that  company  was 
Tyco,  the  embattled  conglomerate  whose 
former  executives  have  been  in  hot  water 
for  allegedly  cooking  its  books.  “I  had 
accomplished  just  about  all  the  goals  I  had 
set  out  to  accomplish  when  I  set  up  the 
CIO  organization  at  Siemens,”  Deasy  told 
CIO  just  before  he  joined  Tyco  in  July. 

“Tyco  presented  one  of  those  irresistible 
opportunities  that  many  CIOs  look  for,”  he 
adds.  “It’s  not  too  often  you  get  to  go  into  a 


$36  billion  company  that’s  never  had  a 
global  CIO  and  get  to  establish  the  [CIO] 
organization  from  the  ground  floor  up.” 
Among  the  reasons  why  Deasy  found  Tyco 
an  “irresistible”  opportunity: 

•  Personal  growth  potential. 
Deasy  served  as  a  regional 
CIO  at  Siemens.  Now  he  had 
the  chance  to  join  the  ranks 
of  global  CIOs  and  extend  his 
authority. 

•  A  greenfield.  The  global 
CIO  position  was  a  new  one 
at  Tyco,  so  Deasy  wouldn’t  be 
stepping  into  someone  else’s 
shoes — inheriting  someone 
else’s  baggage,  processes  or 
ways  of  doing  things. 

•  A  new  management  team.  Deasy  was 
attracted  to  Tyco’s  fresh  blood  and  high 
energy  at  the  top,  including  a  new  CEO 
and  new  CFO.  Many  other  execs  had  been 
in  their  positions  for  less  than  a  year  when 
Deasy  joined  in  July. 

•  Direct  line  to  the  CEO.  Reporting  to 
Chairman  and  CEO  Ed  Breen,  Deasy  can 
have  a  direct  impact  on  shaping  the  com¬ 
pany’s  strategic  direction  and  operations  at  a 
time  when  Tyco  is  trying  to  reclaim  its  cred¬ 
ibility  with  shareholders  and  Wall  Street. 

•  Familiar  organizational  turf.  Deasy  says 
he  would  be  able  to  apply  what  he  learned 


Dana  Deasy’s  Resume 

CURRENT  POSITION 

Senior  Vice  President  and  CIO, 

Tyco  International  Ltd. 

WORK  EXPERIENCE 

•  October  1999- July  2003  Vice  President 
and  CIO  of  the  Americas,  Siemens  Corp. 

•  June  1997-September  1999  CIO, 

General  Motors  Corp.’s  Locomotive  Group 

•  December  1994-May  1997  Director 
of  Information  Systems,  Invetech  Co. 

•  June  1981-November  1994  Director  of 
Information  Management,  supporting 
Rockwell’s  Space  Shuttle  program, 

Rockwell  Space  Systems  Division 

EDUCATION 

MBA  from  National  University,  San  Diego 

BS  in  Business  Administration  from  the 

University  of  Southern  California,  Los  Angeles 

at  Siemens  (like  building  an  esprit  de  corps 
among  a  geographically  dispersed  group 
of  executives)  to  Tyco  because  the  two 
global  manufacturers  share  similar  decen¬ 
tralized  structures. 

Deasy’s  overarching  goal:  Help  Tyco’s  sen¬ 
ior  management  get  the  company  back  on 
track.  He  plans  to  do  so  by  creating  a  unified 
IT  strategy  for  the  company  that  all  the 
regional  and  divisional  CIOs  buy  into,  by 
restructuring  IT  contracts  with  vendors  and 
by  consolidating  IT  operations  where  possi¬ 
ble  to  save  costs. 

Shawn  Banerji,  the  recruiter  who  tapped 
Deasy  for  the  global  CIO  position,  says 
Deasy’s  comportment  makes  him  a  perfect 
fit  for  the  new  Tyco  as  does  his  ability  to 
influence  others,  which  he  demonstrated 
at  Siemens  and  which  will  come  in  handy 
as  he  tries  to  unify  Tyco’s  disparate  IT 
organizations.  “He’s  authoritative  and  very 
credible,  but  he’s  not  a  snob,”  says  Banerji 
of  Deasy.  “He’s  very  inclusive.  You’ve  got 
to  have  that  at  a  place  like  Tyco.  His  abil¬ 
ity  to  influence  others  and  get  their  buy-in 
and  mindshare  is  incredibly  important.” 


£  I  IrlHSSBi 

More  CIOs  are  taking  operations  and  administrative  posts.  Thomas  A.  Lesica, 
former  CIO  at  J.  Crew  and  Pepsi-Cola,  is  now  group  vice  president  of  global  IT 
and  business  operations  for  Avaya.  Eric  Berg,  former  Goodyear  Tire  &  Rubber 
CIO,  became  NCR's  first  chief  administration  officer.  Rudolph  Huber,  vice  president 
and  CIO  at  Alcoa,  in  July  became  vice  president  of  Alcoa  Global  Business  Services 
and  CIO.  Peter  F.  Longo,  a  certified  public  accountant  and  former  vice  president  and 
CIO  for  Pratt  &  Whitney,  is  CFO  of  Sikorsky  Aircraft.  For  more  job  changes,  see  our 
updated  “Movers  &  Shakers”  column  at  www2.cio.com/movers. 


Eric  Berg 


34  CIO  OCTOBER  1,  2003  •  www.cio.com 


PHOTO  TOP  BY  STEVEN  VOTE 


:: 't; v'i'tifj. 
W*  £  : 

aV-S’"' ^ "  • 


When  you  upgrade  your  old  printer 
to  a  new  HP  printer,  you  may  actually 
save  more  money  than  you'll  spend. 

HP  innovation  has  led  to  new  enhancements  in  printing  that 
can  help  dramatically  reduce  your  operating  costs.  In  many 
cases,  you  may  save  enough  in  power,  consumables  and 
support-related  costs  to  completely  pay  for  an  upgrade. 
Combine  this  with  special  rebate  incentives,  and  it's  easy  to 
see  how  a  new  HP  printer  can  lead  to  significant  savings 
for  your  company.  Get  more  with  HP  printers. 


Save  even  more  with  rebates  from  $50  to  $2,000 

on  over  40  different  models  of  HP  printing  and  digital  imaging  products. 


For  more  information  or  to  find  a  reseller  near  you,  call  1-866-625-1 174 
or  visit  www.hp.com/go/getmore. 


While  many  users  of  new  HP  printers  may  experience  cost  savings,  your  results  may  vary.  Visit  www.hp.com/go/getmore  for  complete  listing  of  eligible  products  and  rebate  terms  and  conditions.  HP  reserves  the 
right  to  change  or  cancel  this  program  at  any  time  without  notice.  ©2003  Hewlett-Packard  Development  Company,  L.P. 


trendlines 


OFFSHORE  OUTSOURCING 

All  Global  Politics 
Is  Local 


J$k  MATTHEW  SLAUGHTER,  coauthor  of  Globalization  and  the 
jfv  "  Perceptions  of  American  Workers,  is  an  associate  professor 

jv  of  business  administration  at  Dartmouth  College.  CIO 

Executive  Editor  Christopher  Koch  recently  sat  down  with 
||§||m  J&  S  Slaughter  to  discuss  globalization,  technology  and  IT  jobs. 


CIO:  You’ve  studied  American  opinion 
on  globalization  for  years  and  found  that 
most  Americans  don’t  support  global¬ 
ization  if  it  will  affect  jobs  in  the  United 
States.  How  does  that  translate  into 
political  support  for  economic  policies? 

Matthew  Slaughter:  There  is  a  real 
schism  between  what  people  think  of 
globalization  and  what  they  think  of 
technology.  People  understand  that  to 
get  the  gains  from  technology  innova¬ 
tion,  you  have  to  accept  some  job  loss. 
But  what’s  striking  is  that  if  you  have 
the  same  sorts  of  survey  questions  and 
replace  "technology  innovation”  with 
things  such  as  “trade”  and  “foreign 
direct  investment,”  people’s  opinions 
are  almost  completely  flipped  around. 
The  majority  of  Americans  support  the 
churning  in  the  process  of  technology 
innovation;  and  the  same  majority  of 
people  oppose  those  same  sorts  of 
dynamic  forces  from  globalization. 

If  you  look  back  at  the  last  big  labor 
transition,  between  farm  work  and 
manufacturing,  the  transition  seems  to 
have  fewer  financial  repercussions  than 
the  shift  of  white-collar  work  offshore 
that  we’re  seeing  today.  The  farmers 
were  not  investing  huge  sums  of  money 
in  their  children’s  education  and  were 
not  gathering  years  of  specialization  in  a 
particular  job  to  see  that  job  displaced, 
followed  by  a  substantial  loss  of  income. 

Those  sentiments  are  real,  and  they  are 
important  in  terms  of  thinking  about 
what  I  should  do  for  myself  and  for  my 
kids  and  how  I  should  vote.  Mechaniza¬ 
tion  in  agriculture  meant  you  just  didn't 
need  all  those  people  working  on  the 


farms.  It’s  the  same  thing  today.  Why 
should  I  spend  all  this  money  on  college 
education  when  I  don’t  know  if  my 
children  might  have  a  job  when  they 
graduate?  The  sentiments  are  always 
present  in  a  market  economy  where  you 
have  this  churning  going  on.  They  are 
heightened  in  recent  years,  particularly 
in  IT, because  these  processes  have 
become  much  more  a  part  of  how 
business  gets  done. 

In  the  past,  the  low-skilled,  low-income 
workers  were  the  ones  being  displaced. 
Now  you’re  talking  about  people  who  are 
really  at  the  power  core  of  this  country: 
knowledge  workers.  What  do  you  think 
will  happen,  given  the  high  degree  of 
political  power  that  these  people  have? 
Will  there  be  a  strong  political  reaction? 

I  don’t  think  so.  Not  in  terms  of  shutting 
down  globalization.  Very  few  IT  execu¬ 
tives  could  reasonably  argue  that  their 
companies  are  not  better  off  today  than 
they  were  20  years  ago  because  of 
globalization.  Not  just  in  terms  of  their 
companies’  profitability  but  in  terms  of 
their  incomes.  The  more  important 
benchmark  is  not  where  you  were  in 
terms  of  income  in  2000,  but  where  you 
were  in  1993  and  1983— where  you 
might  see  more  activity  in  terms  of  the 
labor  market.  There  will  be  pressure  to 
make  it  easierfor  people  to  have 
portability  of  pensions  and  be  able  to 
gain  education  later  in  life,  the  kinds  of 
things  that  will  enable  workers  to  better 
transition  from  these  kinds  of  shocks. 
The  U.S.  labor  market  lacks  a  lot  of 
those  buffers  that  I  think  would  amelio¬ 
rate  a  lot  of  the  sentiment  that’s  out 
there  about  this  insecurity. 


Chester  Floyd 
Carlson 


This  Date  in 

IT  Histo 

Father  of  the  Photocopy 

1945  10-22-38  Astoria, 

So  read  the  world’s  first 
photocopy  on  Oct.  22, 1938,  in 
Astoria,  N.Y.  Physicist  Chester 
Floyd  Carlson  and  his  assistant 
Otto  Kornei,  while  dabbling  in 
photoconductivity,  poured 
sulfur  across  a  zinc  plate  and 
zapped  it  with  a  white-hot  light. 

Carlson  then  blew  the  remain¬ 
ing  sulfur  from  the  sheet,  and  voil^l  The  paper  read 
"10-22-38  Astoria,”  an  exact  duplicate  of  the  scrib¬ 
bling  on  a  microscope  slide  that  lay  across  the  plate. 

Carlson  pitched  his  invention  to  companies  such 
as  GE,  IBM,  Kodak  and  RCA  but  was  rejected  by  all  of 

them.  (Rejection  and  loss  became  a  familiar  theme 
for  Carlson  during  the  next  six  years:  his  wife  left  him, 
his  assistant  Kornei  left  him,  and  a  heap  of  debt 
accumulated  all  thanks  to  his  copying  pursuits.)  But 

then,  in  1944,  the  nonprofit  Battelle  Institute  offered 

Carlson  $3,000  for  further  research  in  exchange  for 
three-quarters  of  future  royalties.  After  the  rights  to 
his  invention  were  purchased  by  the  Haloid  Co.  (later 
Xerox)  and  the  Greek  term  xerography  (translation: 
“dry  writing”)  was  coined,  Carlson  went  on  to  bank 
$150  million  and  became  the  father  of  possibly  the 
most  ubiquitous  piece  of  contemporary  office 
equipment.  -Daniel  J,  Morgan 

Other  Notable  Events 


The  Soviets  jump  to  an 
early  lead  in  the  space 
race  with  the  launch  of 
Sputnik  on  this  day  in 

1957. 


Thomas  Edison,  inventor 
of  the  electric  lightbulb, 
the  universal  stock  ticker 
and  the  motion  picture 
camera  dies  in  1931. 


5 


The  first  radio  conversa 
tion  with  a  submerged 
submarine  happens  in 
1919.  The  U.S.S.  H-2 
radioed  the  destroyer 
Blakey  from  the  depths 
of  the  Hudson  River. 


14 


From  the  confines  of  the 
Apollo  7  spacecraft,  the 

first  live  telecast  from 
space  takes  place 

in  1968. 


19 


The  Justice  Department’s 
antitrust  trial  against 
Microsoft  gets  underway 
in  1998.  Microsoft  is 
accused  of  bullying  PC 
makers  into  providing 
Explorer  as  the  default 
browser  instead  of  rival 
Netscape  Navigator. 


SOURCES:  About.com. 
Fairbanks  North  Star  Borough 
School  District,  History 
Channel.  HowStuffWorks, 
Tripod 


3  6  CIO  OCTOBER  1,  2003 


www.cio.com 


s 


Turns  coach 


Fujitsu  recommends  Microsoft®  Windows* 
XP  Professional  for  Mobile  Computing 


The  ultra-small,  full-featured  notebook  you  don’t  have  to  make  room  for. 

More  lap  and  tray  table  room.  A  wide-screen  display  with  Dolby  stereo.  Enough  battery  life  for  a  full-length  double  feature. 
With  its  ultra-small  size  and  ultra-big  multimedia  capabilities,  the  award-winning  Fujitsu  LifeBook®  P5000  notebook  will  make 

any  trip  feel  like  an  upgrade.  A  "micro”  revolution  in  mobile  computing,  the  LifeBook  P5000 
notebook  features  Intel®  Centrino™  mobile  technology,  a  modular  bay,  and  extended  battery  life  in 
an  8”  x  1 0"  chassis  you  have  to  see  to  believe.  Watch  DVDs,  burn  CDs,  or  drive  powerful  mobile 
applications — without  having  to  lug  around  an  extra  carry  on.  To  see  what  your  new  travel 
companion  can  really  do,  call  1.877.372.3473  orvisitwww.fujitsupc.com/firstclass, 

MOBILE 
TECHNOLOGY 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


©2003  Fujitsu  PC  Corporation.  All  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  Intel.  Intel  Centrino.  and  the  Intel  Centrino  logo  are  trademarks 
or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation. 


•  • 
•  • 


ft  9 
9  9 

•  ft 

•  * 


•  •  •  * 


ft  • 
•  • 
»  • 

ft  • 

•  • 


•  •••••• 


•  • 
•  • 


#  •  . 

•  •  •  • 


i  • 
•  • 
ft  •  • 
ft  •  • 


•  ’  I  • 


9  9  m  9  9  9 

9  9  9  9  9  9 


•  •  • 


I  I 

•  t 

*  • 
»  • 


’  • 

9*99 


ft  3  •  -  •  • 


•  •  •  I 

•  •  •  • 


•  •  9  9  9 


9  9 
9  9 


•  •  • 
•  •  r 


•  • 
•  • 
•  • 


0  9  * 

•  9 


9  9  9  9  •  •  • 


•  •  • 

9  •  0 


9 

9  • 


•  • 
•  • 
•  • 
•  • 


•  • 
•  • 

•  I 

•  • 


•  • 
•  • 
•  • 
•  • 


Conventional  business. 


NEC  is  a  registered  trademark  of  NEC  Corporation.  All  other  trademarks  are  the  property  of  their  respective  owners.  ©2003  NEC  Solutions  (America),  Inc.  All  Rights  Reserved. 


Connected  business. 


Introducing  NEC's  vision  of  the  Connected  Enterprise.  It’s  just 
not  enough  to  align  and  connect  the  dots  in  your  business 
anymore.  Not  when  your  competitors  have  IT  infrastructures 
that  perform  at  a  whole  new  level.  These  infrastructures  inte¬ 
grate  business  processes  and  real-time  information  -  about 
customers,  employees,  partners  and  suppliers  -  into  clear 
pictures  that  are  accurate  and  actionable. 

To  help  companies  compete  in  a  changing  and  challenging 
business  environment,  NEC  Solutions  America  has  united  our 
world-class  products  and  services  to  bring  you  a  very  agile 
and  resourceful  solutions  provider.  Using  an  open  and  holistic 
approach,  NEC  brings  together  best-of-class  hardware, 


software  and  services,  with  vast  experience  in  mobile  enterprise 
computing,  business  intelligence,  biometric  security,  business 
service  management  and  visual  display  solutions.  The  result: 
enterprise  knowledge  that  empowers  your  company  in  new 
ways,  to  create  measurable  improvements  in  performance, 
efficiency  and  ROI. 

That’s  NEC’s  vision  of  the  Connected  Enterprise.  And  we’re 
turning  that  vision  into  real-time  reality  for  businesses  one 
enterprise  at  a  time.  To  connect  with  us,  call  888-632-7003  or 
visit  www.necsam.com/connected. 

Empowered  by  Innovation  \li~C" 


Peer  to  Peer 

Field-Tested  Ideas  from  CIOs  for  CIOs 


Culture  Clash 

You  don’t  need  a  degree  in  anthropology  to  negotiate 
multicultural  IT  projects.  But  as  this  IT  exec 
discovered,  having  one  sure  doesn't  hurt. 

BY  PATRICIA  ENSWORTH 

WHEN  COLLEAGUES  LEARN  that  my  graduate  degree  is  in  anthropol¬ 
ogy  rather  than  business  or  computer  science,  they’re  usually 
puzzled.  They  assume  that  I’ve  changed  careers,  or  that  study¬ 
ing  human  cultures  is  an  interesting  but  frivolous  hobby — like, 
say,  building  model  ships. 

In  fact,  over  the  years  my  expertise  in  anthropology  has  turned 
out  to  be  one  of  the  most  valuable  tools  in  my  management  kit. 
It’s  particularly  helpful  now,  when  more  and  more  IT  projects  are 
becoming  collaborative  endeavors  at  locations  around  the  world, 
involving  people  of  vastly  different  backgrounds. 

Consider  my  experience  at  Moody’s  Investors  Service.  I 
joined  the  credit  rating  agency  in  1993  when  it  was  embarking 
upon  a  major  expansion  outside  the  United  States,  as  well  as 
undertaking  an  ambitious  strategy  to  replace  legacy  mainframe 
processes  and  standalone  desktop  applications  with  a  more 
efficient  global  data  architecture.  Today,  Moody’s  publishes 
ratings  and  research  electronically  in  real-time  on  its  website.  Its 
analysts  gather  information  about  market  conditions  affecting 
companies,  governments  and  debt  instruments  wherever  peo¬ 
ple  issue  bonds  to  raise  capital.  Its  internal  systems  integrate 

40  CIO  OCTOBER  1,  2003  •  www. cio.com 


financial,  HR,  marketing  and  workflow  operations  in  offices  on 
every  continent  except  Antarctica. 

As  an  IT  manager,  one  of  my  responsibilities  was  serving  as 
the  liaison  between  the  central  systems  development  group  at 
the  U.S.  headquarters  and  the  developers  and  end  users  in  other 
countries.  That  meant  leading  project  teams  of  staff  members, 
consultants  and  vendors  who  were  multinational,  multiracial, 
multiethnic,  multireligious  and  multilingual. 

Changes  in  Latitudes,  Changes  in  Attitudes 

You  might  think  that  a  multicultural  IT  project  is  much  the  same 
as  any  other.  After  all,  developers  who  employ  the  same  pro¬ 
gramming  language  can  usually  decipher  each  other’s  code  even 
if  they  don’t  speak  the  same  human  language.  English  now  unites 
the  IT  world  as  Latin  once  united  the  Roman  Empire.  Yet  in  my 
experience,  multicultural  projects  almost  always  generate  con- 


ILLUSTRATION  BY  JAMES  O'BRIEN 


©20  i  Microsoft  Corporation.  All  rights  reserved.  Mic  asoft  is  a  registered  trademark  of  Microsoft  Cori 


irj  )f  Microsoft  C^poi 


Microsoft  Business  Solutions  ApS  is  a  subsidiai 


id  States  apd/or  other  countrie 


iration. 


ons  are  everywhere.  Insight  is  not 


j  * 

Making  important  decisions  is  your  job.  Delivering  the  insight  to  help  you  make  smarter  decisions  is  ours.  With  business  applications 
and  services  from  financial  management  to  customer  relationship  management,  we  have  the  experience  and  resources  to  help  you 
succeed  in  an  ever-changing  business  world.  To  get  more  information,  visit  us  at  microsoft.com/BusinessSolutions/lnsight 


Microsoft 

sinoss 

Solutions 


Management 


Retail  Management 


Analytics 


Financial  Management 


Customer  Relationshi 


Peer  to  Peer 


flicts.  And  that’s  because  people  from  different  cultural  back¬ 
grounds  have  different  notions  of  leadership.  In  sum,  global 
workers  have  varying  attitudes  about  the  importance  of  deadlines, 
the  flexibility  of  rules  and  even  the  need  to  write  things  down. 

At  Moody’s,  these  cultural  differences  hampered  our  ability 
to  conduct  software  testing  and  engineering  process  audits. 
Effective  quality  assurance  requires  an  independent  perspec¬ 
tive  and  an  open  acknowledgment  of  defects.  Until  the  mid- 


Workers  around  the  globe  have  varying  attitudes 
about  the  importance  of  debate,  deadlines  and  rules. 


1990s,  in  a  largely  homogenous  American  development 
environment,  the  dynamics  of  QA  methodology  depended  on 
three  very  American  values.  The  first  was  the  egalitarian  ideal 
of  social  intercourse — the  way  distinctions  of  rank  are  sup¬ 
posed  to  be  minimized  in  our  daily  interactions.  The  second, 
emerging  from  the  first,  was  the  informal  give-and-take  Amer¬ 
icans  learn  in  school  as  they’re  encouraged  to  express  opin¬ 
ions,  challenge  other  students  (and  sometimes  even  the  teacher) 
and  brainstorm  solutions.  The  third  was  the  “tell  it  like  it  is” 
approach  to  conflict  resolution,  in  which  criticism  may  be 
expressed,  ideally  without  shame  or  fear  of  reprisal. 

But  many  of  the  IT  workers  who  have  emigrated  to  the 
United  States  within  the  past  10  years  do  not  share  those  values, 
and  they  follow  radically  different  codes  of  conduct.  For  some, 
a  caste  system  or  other  rigid  hierarchy  establishes  the  ground 
rules  of  social  relations.  For  others,  education  means  rote  learn¬ 
ing  and  stria  obedience  to  authority.  In  many  cultures,  open  dis¬ 
agreement  and  direct  criticism  entail  a  painful  loss  of  face  and 
thereby  close  off  the  possibility  of  ever  resolving  anything. 

As  these  values  and  behaviors  collided,  gaps  in  communica¬ 
tion  began  to  appear.  The  relationship  between  developers  and 
testers  changed.  Developers  have  always  enjoyed  a  higher  status 
than  testers,  yet  the  formal  organizational  and  informal  social 
disparity  widened  dramatically.  Testers  became  less  willing  to 
criticize  and  possibly  shame  their  betters,  and  developers  became 
less  willing  to  collaborate  with  their  inferiors. 

Discouraged  from  pursuing  a  challenging,  intellectual  give- 
and-take  with  developers,  testers  sought  to  demonstrate  their 
productivity  by  running  lots  of  easy,  superficial  tests  and  gen¬ 
erating  reams  of  documentation.  And  although  on  paper  it 
looked  as  if  we  were  allocating  more  and  more  resources  to 
quality  assurance  activities,  in  reality  our  test  coverage  and  our 
process  audit  function  were  in  decline. 

Many  other  companies  experience  the  same  dilemma.  In 
response,  some  organizations  seek  to  employ  Capability  Maturity 


Models  or  Six  Sigma  for  reconfiguring  their  processes.  Instead,  we 
opted  for  a  simpler  solution.  We  found  that  culture  shock  prob¬ 
lems  could  be  resolved — or  avoided — by  making  a  minor  but 
significant  organizational  change.  A  QA  manager  was  appointed 
at  the  project  manager  level.  Testers  reported  to  both  a  projea 
manager  and  the  QA  manager  in  a  matrix  relationship,  raising 
their  status  in  their  own  eyes  and  in  the  eyes  of  the  developers.  The 
QA  manager  became  responsible  for  coordinating  standards  and 

procedures  across  the  projea  teams. 

The  QA  manager  also  served  as  an 
ombudsman,  combining  the  functions  of 
a  diplomat  and  a  parliamentarian.  Not 
only  testers,  but  also  developers,  business 
analysts  and  product  managers  were 
encouraged  to  regard  the  QA  manager’s 
office  as  a  place  where  they  could  express  sensitive  concerns.  In 
an  environment  where  individuals  were  sometimes  embarrassed 
to  call  attention  to  the  cultural  differences,  the  QA  manager  was 
usually  able  to  approach  the  issue  as  a  matter  of  workflow  or 
communication  protocol,  allowing  everyone  to  save  face.  After  six 
months  of  this  arrangement,  test  methodology  and  coverage  sub¬ 
stantially  improved.  Issues  of  engineering  process  and  risk  analy¬ 
sis  were  being  discussed  openly  again.  Both  developers  and  testers 
felt  that  communication  had  become  easier. 


Skirting  the  iceberg 

It’s  an  understandable  mistake  to  misdiagnose  cross-cultural 
conflias  as  issues  of  personality  or  job  performance.  Like  an  ice¬ 
berg,  most  of  a  person’s  cultural  identity  is  below  the  surface. 
Differences  in  accent,  clothing,  table  manners — those  are  obvi¬ 
ous  and  therefore  relatively  easy  to  maneuver  around.  What 
don’t  show  are  core  beliefs  and  the  questions  they  engender 
such  as:  What  is  fair?  What  is  proper?  To  whom  or  what  does 
one  owe  allegiance?  What  are  the  boundaries  of  ambition  and 
responsibility?  Those  submerged  incompatibilities  pose  the 
greatest  danger  to  successfully  navigating  IT  projeas. 

At  Moody’s,  I  was  the  QA  manager  who  confronted  these 
issues.  But  nowadays,  you  may  not  need  a  professional  anthro¬ 
pologist.  An  increasing  number  of  organizations  provide  train¬ 
ing  in  multicultural  management.  This  practice  makes  good 
business  sense.  Not  only  can  it  help  avert  problems,  it  can  also 
show  IT  executives  how  to  transform  their  workforce  from 
mistrustful  tribes  eyeing  each  other  across  the  cultural  divide 
into  a  corps  that  profits  from  each  other’s  perspectives.  E3E3 


Patricia  Ensworth,  a  former  vice  president  at  Moody's 
Investors  Service,  is  the  author  of  The  Accidental  Pro¬ 
ject  Manager.  She  is  president  of  consultancy  Har- 
borlight  Management  Services  and  can  be  reached  at 
info@harborlightmanagement.com. 


4  2 


CIO  OCTOBER  1,  2003 


www.cio.com 


The  average  lunch  meeting  starts  late. 


Here's  to  seven  minutes  of 

pure  productivity 

regardless  of  where  you're  sitting 


No  Wi-Fi?  You're  Covered.  W 


Enterprise  mobility  applications  based  on  3G  CDMA  wireless  networks  are  revolutionizing  business  in  ways  that  Wi-Fi  can't. 
Offering  ubiquitous  coverage  and  speeds  better  than  landline  dial-up,  you'll  have  instant  access  to  your  office,  even  if  you 
aren't  at  a  location  that  offers  Wi-Fi.  That  translates  into  more  time  each  day  that  you're  operating  at  peak  efficiency.  Best  of 
all,  you  won't  be  limited  by  Wi-Fi  "hot  spot"  availability.  Remember,  not  all  wireless  technologies  are  created  equal.  To  find 
out  what  the  differences  are,  ask  your  wireless  provider  whether  they  offer  true  nationwide  3G  services. 


www.qualcomm.com/enterprise5 


©2003  QUALCOMM  Incorporated-  All  rights  reserved 


Qualcomm 


Tom  Davenport  I  The  New  Work  Order 

Retooling  the  Knowledge  Worker 


Putting  It  All 

Together  Again 

Knowledge  worker  productivity: 
your  questions  answered 

THIS  BEING  THE  LAST  in  a  series  of  columns  here  about  knowledge 
worker  productivity,  I  thought  you  might  be  expecting  some 
answers.  One  thing  I  know  for  sure:  Depriving  knowledge 
workers  of  sleep  is  definitely  not  a  route  to  enhanced  produc¬ 
tivity.  I  started  this  column  on  my  way  to  Thailand  (and  highly 
sleep-deprived),  and  it  turns  out  I  was  not  very  productive  at  all! 

But  before  I  answer  your  questions  about  what  does  work 
well,  a  brief  review  of  the  problems  might  be  useful. 

■  Knowledge  work  is  hard  to  measure,  so  most  of  us  don’t  bother 

■  Although  not  all  knowledge  workers  are  alike,  there  is  no 
standard  classification  or  segmentation  scheme  for  them. 

■  There  are  lots  of  “productivity  tools”  for  knowledge  work¬ 
ers — too  many — but  they  don’t  connect  well  with  each  other. 

■  The  organizational  support  for  knowledge  work  is  similarly 
fragmented  and  comes  from  a  variety  of  IT  organizations, 
human  resources,  facilities  organizations  and  so  forth. 

So  how  do  we  put  this  Humpty  Dumpty  back  together 
again?  One  approach  is  to  integrate  the  various  technologies 
that  knowledge  workers  use.  In  the  past  week,  for  example, 
I’ve  met  several  people  who  have  shifted  to  PDA/cell  phone 

44  CIO  OCTOBER  1,  2003  •  www. cio.com 


combo  devices — not  because  they  are  cool  gadgets,  but  because 
they  hold  the  potential  for  simplifying  life.  At  the  very  least,  they 
can  reduce  the  number  of  devices  to  carry  and  limit  the  num¬ 
ber  of  name-and-address  files  to  manage. 

By  the  same  logic,  the  fewer  computers  one  uses,  the  better. 
Many  people  have  begun  to  use  their  work  laptops  for  all  their 
computing  needs.  That  is,  of  course,  if  your  organization  does¬ 
n’t  mind  you  using  its  machine  for  personal  applications  and 
messaging,  and  that  you  don’t  mind  using  a  laptop  for  every¬ 
thing.  A  lot  of  people  (including  me)  already  carry  a  laptop 
everywhere,  so  we  might  as  well  get  the  benefits  of  “architec¬ 
tural  consolidation”  and  bag  the  home  desktop  altogether. 

Another  IT-related  approach  is  to  integrate  the  various  sup¬ 
port  groups  for  knowledge  worker  technologies.  At  most  large 
organizations  today,  there’s  one  group  to  support  messaging 
technologies,  one  for  knowledge  management,  one  for  per- 


ILLUSTRATION  BY  JEFFREY  PELO 


WE'RE  NOT  HERE  TO  TELL  YOU 
THAT  ANTI-VIRUS  AND 
FIREWALLS  AREN'T  ENOUGH. 

THAT'S  WHAT  WORMS  ARE  FOR. 


Dynamic  Threat  Protection.  The  most  complete  protection  available. 

Most  large-scale  Internet  attacks  completely  bypass  firewalls  and  anti-virus.  We  stop  these 
threats  cold.  How?  Simple.  We  are  #1  in  the  world  for  security  intelligence  and  threat  protection 
technology.  We  deliver  the  fastest,  most  accurate  detection,  prevention  and  response  solution. 
We  call  it  Dynamic  Threat  Protection.  Visit  us  at  www.iss.net/iss-cio  or  call  800-776-2362. 


INTERNET 

Security 

Systems" 


Tom  Davenport  I  The  New  Work  Order 


sonal  productivity  applications  and  perhaps  another  for  help  on 
wireless  communications  devices.  The  different  groups  mean 
that  IT  is  unlikely  to  develop  an  integrated  approach  to  helping 
knowledge  workers  use  these  tools  effectively.  The  individual 
employee  is  left  to  his  own  devices,  so  to  speak. 

I  came  across  one  organization  that  is  addressing  this  prob¬ 
lem,  however.  Intel’s  IT  organization  has  recently  reorganized 
itself  to  combine  the  knowledge  management,  collaboration  and 
personal  productivity  groups.  Called  eWorkforce,  the  group  sup¬ 
ports  knowledge  worker  use  of  PCs,  laptops,  cell  phones  and 
PDAs.  The  primary  goal  is  to  develop  integrated  solutions  for 
“generic”  knowledge  worker  processes — arranging  and  con- 


Since  all  knowledge  workers  aren’t  alike,  we  need 
to  segment  them  into  meaningful  categories  and 
apply  IT  and  process  improvement  approaches 
differently  for  each  category. 


ducting  an  asynchronous  meeting  or  managing  a  project.  While 
I  believe  it’s  a  great  step  forward  to  integrate  devices  and  sup¬ 
port  organizations,  I’d  argue  that  to  make  real  progress  in 
knowledge  worker  productivity,  we  need  to  disintegrate  the 
target  audience.  That  is,  since  all  knowledge  workers  aren’t 
alike,  we  need  to  begin  to  segment  them  into  meaningful  cate¬ 
gories  and  apply  IT,  process  improvement  approaches  and  other 
productivity  aids  differently  for  each  category. 

The  question  is  what  sort  of  segmentation  scheme  to  use. 
Intel  has  created  one  based  primarily  on  behaviors  and  atti¬ 
tudes  toward  technology.  Its  categories  are  as  follows: 

■  Functionalists — Primarily  manufacturing  workers  (but  includ¬ 
ing  some  office  workers)  who  use  IT  occasionally  but  don’t 
rely  heavily  on  “office  IT”  to  perform  their  job  functions. 

■  Cube  captains — Spend  the  majority  of  their  time  in  the  office, 
are  very  mainstream  in  their  office  IT  needs  and  are  overall 
very  happy  with  the  tool  sets  they  have. 

■  Nomads — Heavy  users  of  remote  access  and  mobile  IT, 
whether  while  traveling  or  working  in  remote  offices. 

■  Global  collaborators — Interface  often  with  people  around 
the  world;  they  resemble  nomads  but  work  across  time  zones 
and  need  access  to  collaboration  tools,  anywhere,  anytime. 

■  Tech  individualists — They  want  and  adopt  early  the  latest 
IT  tools  and  are  willing  to  take  risks  with  them. 

These  probably  wouldn’t  be  the  right  categories  for  all  organ¬ 
izations,  but  I  view  it  as  a  great  step  forward  for  Intel  to  create 
and  address  them.  Intel’s  next  step  is  to  put  them  in  the  context 
of  business  process  and  business  unit  needs. 


My  own  hypothesis  is  that  the  best  way  to  segment  knowl¬ 
edge  workers  would  be  by  the  roles  they  perform  within  the 
organization.  I  would  guess  that  determining  whether  you’re  a 
“field  sales  analyst”  or  a  “midlevel  marketing  manager”  would 
drive  the  type  of  work  you  do  and  how  it  could  be  done  more 
productively  and  effectively.  Of  course,  that  will  be  difficult 
and  perhaps  expensive.  Most  organizations  don’t  even  know 
how  many  roles  they  have.  I  suspect  the  only  role-based  seg¬ 
ments  that  might  make  sense  are  those  in  which  there  are  many 
workers  in  a  single  segment,  or  in  which  better  productivity  or 
performance  is  mission-critical. 

A  great  example  of  such  a  role-based  approach  is  at  the  global 
telecom  company  BT,  which  has  focused 
considerable  effort  on  its  15,000  cus¬ 
tomer  contact  workers.  The  focus  for 
these  workers  was  less  on  increased  pro¬ 
ductivity  (typically  measured  in  call-han¬ 
dling  times)  and  more  on  improved 
customer  service  through  better  avail¬ 
ability  of  relevant  information  and 
knowledge.  BT  implemented  a  new  role- 
specific  portal,  BT  AdvisorSpace,  within 
its  customer  contact  centers.  BT’s  goal  is  to  make  available  all 
needed  information  and  knowledge  in  real-time  while  the  cus¬ 
tomer  is  on  the  phone — and  eventually  to  bring  the  relevant 
information  to  the  screen  automatically  based  on  the  current 
customer  transaction.  Already  the  new  system  has  led  to  a  sev¬ 
eral  percentage-point  increase  in  customers  feeling  that  their 
adviser  was  helpful  and  knowledgeable  (it’s  at  97  percent  now). 
The  advisers’  confidence  in  the  information  they  use  is  up  by  23 
percent.  To  me,  that’s  a  great  example  of  what  an  organization 
can  accomplish  when  it  focuses  its  efforts  and  information 
resources  on  a  particular  role. 

Of  course,  there  are  important  ways  to  improve  productiv¬ 
ity  that  don’t  involve  IT.  One  is  to  ensure  that  there  are  meas¬ 
ures  of  productivity  and  effectiveness  in  place  (easy  in  call 
centers,  harder  with  more  autonomous  knowledge  workers). 
Another  is  to  develop  business  process  standards  such  as  the 
Capability  Maturity  Model  I  mentioned  in  my  last  column.  A 
third  is  to  treat  every  intervention  into  knowledge  work  as  an 
experiment — with  measures,  a  control  group,  clear  hypotheses 
about  the  result  and  so  forth. 

I’m  more  confident  than  ever  about  the  importance — and 
the  difficulty — of  addressing  the  topic  of  knowledge  worker 
productivity.  Just  remember:  It’s  the  Next  Big 
Thing,  and  you  heard  it  here  first.  EE1 


Tom  Davenport  ( tdavenport@babson.edu )  is  director 
of  the  Accenture  Institute  for  Strategic  Change  and 
professor  of  IT  and  management  at  Babson  College. 


4  6 


CIO  OCTOBER  1,  2003 


www.cio.com 


These  days,  you  are  your  information.  And  having  information  that's  less  than  accurate  is  simply  no  longer 
acceptable.  Yet  with  incompatible  data  sources  and  volume  multiplying,  how  can  you  possibly  bring  all  of 
your  data  together  and  come  up  with  a  timely  and  relevant  assessment  of  your  business  you  can  trust?  The 
answer  is  Informatica®  We  can  transform  your  disparate  enterprise  data — re¬ 
gardless  of  source  or  application — into  a  single,  manageable,  and  scalable 
resource  that  delivers  business  insight  that  is  easy  to  use,  reliable  and  auditable. 

To  learn  why  over  80%  of  the  Fortune  100  have  turned  to  our  unified  data  integration  and  business  intel¬ 
ligence  solution,  just  call  800-970-1179,  or  visit  us  online  at  www.informatica.com.  Because  if  you're  only  as 

good  as  your  data,  this  is  how  to  always  be  at  your  very  best. 

©  2003  Informatica  Corporation.  All  rights  reserved.  Informatica,  the  Informatica  logo,  and  "Turning  integration  into  insight"  are  trademarks  or  registered 
trademarks  of  Informatica  Corporation. 


www.informatica.com 


iNFORMATiCA 

Turning  integration  into  insight. 


The  Year  Ahead 


Issues  ►  Ideas  ►  Impact 

What  are  our  vulnerabilities? 
What  are  our  options? 

A  hard  look  ahead  at  the  impact 
of  current  issues  &  trends. 

What  are  our  opportunities? 

t  - 1  are  our  peers  doing? 

November  2-4,  2003  |  JW  Marriott  Desert  Ridge  Resort  &  Spa,  Phoenix,  AZ  |  800.366.0246 


CIO  04  forward-looking 

major  trends  significant  impact  CIO  role 

12—24  month  timeframe  share  approaches 


Presented  by 

mm 

The  Resource  for 
Information  Executives 


Sponsored  by 


COMPGWARE. 


K  Intel 

KEANE 


Satyam 


What  Business  Demands 


D-SAVVIS 

The  Network  that  powers  Wall  street- 


€  u  I  —a  CIO  Perspectives® Conference  j  www.cio.com/conferences  1 800.366,0246 

In  order  to  ensure  a  true  peer  group  experience,  attendees  must  meet  CIO  Executive  Programs'  qualifications. 


WHERE  WHEN  TO  APPLY 

JW  Marriott  Desert  Ridge  November  2-4, 2003  www.cio.com/conferences 

Resort  &  Spa,  Phoenix,  AZ  or  800.366.0246 


Conference  Moderator 

JONATHAN  ZITTRAIN 

Co-Director  of  the  Berkman  Center  for 
Internet  &  Society  and  Professor  at 
Harvard  Law  School 

The  Economy 

What’s  the  outlook?  What  domestic  and  foreign 
policies  are  helping  or  hurting?  And  what  about 
the  hard-hit  tech  sector? 

Jobs  &  IT  People 

What  happens  when  all  the  baby  boomers  start 
retiring?  Does  the  younger  generation  really  look 
at  work  differently?  Why  is  there  so  little  diversity 
in  the  IT  ranks?  Is  offshore  outsourcing  leading  to 
the  extinction  of  most  domestic  IT  jobs?  Are  our 
schools  adequately  preparing  the  next  generation 
of  IT  and  business  workers? 

Law  &  Society 


much  security  and  privacy  is  enough?  Is  all  the 
talk  about  ethics  just  that?  Social  responsibility: 
can  business  do  well  by  also  doing  good 
—and  do  your  customers  care? 

Technology 

How  worried  should  you  be  about  vendor  consoli¬ 
dation?  What  are  the  major  cross-industry  busi¬ 
ness  concerns— and  what  solutions/initiatives  are 
getting  funded  in  the  near  term?  Should  you  fear 
the  RFIDs  in  your  future?  What  emerging  tech¬ 
nologies  are  venture  capitalists  betting  their 
money  on  now— and  why? 

Future  of  IT  (&  the  CIO) 

For  many  years,  CIOs  have  been  working  hard  to 
secure  a  place  at  the  top  management  table.  Now 
some  business  and  industry  gurus  say  IT  is  no 
longer  strategic:  it’s  just  becoming  a  commodity 
and  can’t  give  a  competitive  advantage.  Are  they 
right?  Should  CIOs  be  worried? 


How  are  CIOs  coping  with  the  Patriot  Acts, 
Sarbanes-Oxley,  HIPAA,  and  other  legal  man¬ 
dates?  What  pending  legislation  is  bound  to 
■^.give  vou  headaches  if  it  passes  into  law?  How 


And  we’ll  give  you  plenty  of  networking  opportunities,  starting 
with  the  CIO  Golf  Tournament  on  Sunday  morning,  receptions, 
special  small  working  groups  and  breakouts,  mealtimes, 
discussion  roundtables,  and  evening  hospitalities. 


Golf  Tournament  is  on 

“  -  c-  'jqday  morning  at 


S£-r  4  Z  -  ^ 


Participants  include: 

Todd  Dagres 

General  Partner, 

Battery  Ventures 

Christopher  J.  Feola 

Vice  President,  Technology, 
Belo  Interactive 

Neil  Gershenfeld 

Director  of  the  Center  for 
Bits  and  Atoms,  and 
Director  of  the  Things 
That  Think  Research 
Consortium, 

MIT  Media  Labs 

Asiff  Hirji 

Executive  Vice  President  & 
CIO,  Ameritrade  Holding 
Corporation 

Michael  W.  Horrigan 

Assistant  Commissioner, 
Bureau  of  Labor  Statistics 

Bruce  P.  Keller 

Partner, 

Debevoise  &  Plimpton 

Erik  Lassila 

Partner, 

Clearstone  Ventures 

Christopher  Lindquist 

Technology  Editor, 

CIO  Magazine 

Abbie  Lundberg 

Editor  in  Chief, 

CIO  Magazine 

Roger  McNamee 

Co-founder  &  General 
Partner,  Integral  Capital 
Partners 

Mark  Polansky 

Managing  Director,  IT 
Practice, 

Korn/Ferry  International 

Sheleen  Quish 

Global  CIO  &  Vice  President 
of  Corporate  Marketing, 
United  States  Can  Company 

Nick  Sturiale 

Partner,  Sevin  Rosen  Funds 

Lester  Thurow 

Author  &  Management  and 
Economics  Professor,  MIT 


Jack  Keen  I  Real  Value 

Practical  Counsel  for  Capturing  IT  Value 


Wanted:  Metric 

Skeptics 

Accepting  vague  or  irrelevant  numbers 
for  project  value  measurements  can  lead  to 

bad  IT  spending  decisions 

I  CONFESS.  I’M  A  NUMBERS  KIND  OF  GUY.  But  I’m  concerned.  I  see 
too  many  numbers,  with  too  little  meaning,  cavalierly  factored 
into  too  many  IT  value  discussions.  Metrics  are  often  manage¬ 
ment’s  single  most  important  determinant  of  value.  So  allowing 
anything  less  than  top  quality  numbers — and  the  correct  con¬ 
text  for  these  measurements — leads  to  wrong  decisions  about 
which  IT  investments  to  select,  which  implementation  paths 
to  choose  or  what  portfolios  to  manage. 

There  are  three  common  ways  that  people  misuse  metrics: 
tolerating  ambiguity,  discouraging  guesstimates  and  overlook¬ 
ing  available  sources.  Let’s  take  a  look  at  some  solutions  for 
avoiding  these  missteps. 

Tolerating  Ambiguity  Numbers  falsely  convey  a  mystique 
of  truth,  by  their  very  existence.  But  rarely  do  numbers  actually 
mean  what  they  seem  to  imply.  That  is  because  a  metric  is  not 
“the  result.”  It  is  shorthand  for  a  story  about  the  result.  If  the 
metric  user  leaves  out  the  story  portion  of  the  metric,  we  are  left 
to  make  potentially  erroneous  assumptions  to  fill  in  the  gaps. 
For  example,  if  someone  states  “we  have  a  25  percent  cus¬ 
tomer  retention  rate,”  he  is  providing  us  with  an  ambiguous 


metric.  Because  the  story  behind  the  metric  is  missing,  his  mes¬ 
sage  has  no  infallible  meaning.  In  this  example,  a  good  metric 
story  might  say:  “Our  internal  audit  committee  confirmed  last 
April  that  our  Southern  division  has  experienced  a  25  percent 
customer  retention  rate,  for  those  customers  who  have  bought 
at  least  $10,000  annually  from  us,  for  the  past  three  years  in  a 
row.  Sue  Smith,  vice  president  of  finance,  has  stated  that  this 
retention  rate  is  too  low  to  allow  us  to  realize  the  gross  margin 

cr 

goals  for  this  year.”  Armed  with  that  explanation,  we  are  less  £ 
likely  to  misuse  the  metric’s  meaning  and  implications,  and  can  | 

c n 

make  an  informed  decision.  f 

Discouraging  Guesstimates  Another  misuse  of  numbers  “ 
occurs  when  management  refuses  to  accept  guesstimates  “ 

O 

(informed  estimates)  as  legitimate  metrics.  This  problem  occurs  5 

cr 

whenever  someone  says,  “If  you  can’t  prove  it,  we  won’t  use  « 
it.”  In  this  mistaken  worldview,  only  hard  metrics  from  fac-  d 


5  0  CIO  OCTOBER  1,  2003 


w  w  w .  c  1 0  .com 


You  did  everything  right,  but... 


If  your  IT  spending  isn't  aligned  with  the  business  strategy, 

you've  failed  the  company. 


Your  job  has  moved  beyond  just  technology — you 
need  to  embrace  your  company's  overall  business 
objectives.  Primavera  can  help.  For  20  years,  we've 
been  working  toward  the  ultimate  project  portfolio 
management  solution. 

Our  software  helps  you  prioritize  your  entire  project 
portfolio,  so  you  can  optimize  people,  projects,  and 
processes  to  stay  focused  on  business  goals. 


We  saved  a  Fortune  1 00  company  $1  5  million 
in  nine  months.  How  much  can  we  save  you ? 

To  estimate  your  company's  potential  savings  with 
our  convenient  online  ROI  Calculator,  visit: 

www.primavera.com/ppm 


PRIMAVERA 


Jack  Keen  I  Real  Value 


tual  situations  are  valid.  The  clear  message  is  that  guesses  don’t 
count.  The  reality  is  that  informed  guesses  are  what  makes  the 
world  work.  If  business  investment  strategies  were  100  per¬ 
cent  fact-based,  we  wouldn’t  need  high-price  executives  to  guide 
the  company.  Computers  could  probably  do  the  job  via  fancy 
calculations.  The  whole  discipline  of  risk  management  is  ulti¬ 
mately  grounded  in  probabilities,  which  themselves  are  esti¬ 
mates.  The  medical  profession  begins  and  ends  with  the 
reliability  of  doctor  diagnoses,  none  of  which  are  100  percent 


Metrics  are  often  management’s  single  most  important 
determinant  of  value.  So  allowing  anything  less  than 
top  quality  numbers  leads  to  wrong  decisions  about 
which  IT  investments  to  select. 


correct.  But  they  get  enough  right  that  we  don’t  ban  their 
profession.  A  similar  situation  exists  with  our  economy’s 
reliance  on  meteorologists.  They  don’t  hit  the  mark  100  percent 
of  the  time.  But  their  track  record  is  good  enough  for  airplanes 
to  fly  safely  through  troubling  storms,  not  to  mention  properly 
attiring  our  families  for  school  and  work.  The  key  to  accepting 
informed  guesses  as  valid  metrics  is  to  make  sure  they:  A.  Come 
from  knowledgeable,  experienced  and  dependable  people;  and 
B.  Are  accompanied  by  clear  explanations  of  the  guesstimate’s 
premises,  assumptions  and  logic. 

Overlooking  Available  Sources  For  many  CIOs,  the  most 
distressing  situation  occurs  with  metric  misuse  when  the  really 
good,  hard,  relevant  ones  exist,  but  they  go  undiscovered.  More 
often  than  not,  this  occurs  from  lack  of  elementary  research 

skills  by  those  charged  with 
finding  such  metrics.  In  this 
age  of  information  over¬ 
load,  useful  metrics,  of 
direct  validity  for  the  com¬ 
pany’s  situation,  may  well 
exist,  yet  are  hidden  within 
readily  accessible  sources — 
such  as  the  publications 
from  trade  associations, 
research  by  business 
schools  and  surveys  from 
industry  analysis  firms,  to 
name  a  few.  Ironically, 
sometimes  an  organiza¬ 
tion's  customers  either  have 
the  missing  metrics  or 


Get  Relevant  Metrics 


Want  metrics  that  are  reli¬ 
able,  easy  to  use  and  clear? 

Check  out  our  online  Metrics 

column.  We  run: 

•  BRIEFS  (Were  your 
e-commerce  sales  among 
the  nearly  $12.5  billion  in 
the  second  quarter  of 
2003?) 

•  FLASH  CHARTS  (Are  you 
one  of  the  4  percent  of 
CIOs  who  expect  to 
decrease  their  IT  staff  in 
2003?) 

•  REPORTS  that  go  behind 
the  numbers  to  the  people 
who  found  the  data  in  the 
first  place. 

Go  to  www2.cio.com/metrics. 

cio.com 


would  be  willing  to  set  up  a  program  to  find  them,  but  no  one 
has  asked  them  to  do  it. 

These  are  all  metrics  missteps  that  routinely  derail  projects  or 
lead  to  costly  and  incorrect  decisions.  But  using  numbers  correctly 
is  a  skill  that  can  be  learned.  Read  on  for  some  specific  advice  on 
how  to  help  your  enterprise  use  numbers  in  more  powerful  ways. 

Five  Steps  to  Ensure  Reliable  Metrics 

You  can  use  several  methods  to  make  your  staff  and  manage¬ 
ment  aware  of  the  pitfalls  of  mis¬ 
using  numbers.  Here  are  some  ways 
to  strengthen  your  organization’s 
metric  sawy-ness: 

Conduct  Sensitivity  Education 
Alert  both  management  and  staff  to 
the  promises  and  pitfalls  of  metric 
usage.  Help  them  to  become  more 
sensitive  to  metric  fumbles,  as  well 
as  home  runs.  Assist  hard-core 
numbers  people  in  getting  more  comfortable  with  solid  guessti¬ 
mates  built  on  informed  analysis. 

Apply  the  Metric  Trustworthiness  Test  Apply  this  three-way 
test  to  all  metrics:  1.  Is  the  metric  clearly  defined  and  explained? 
2.  Is  the  source  of  the  metric  visible  and  credible?  3.  Is  the  met¬ 
ric’s  story  readily  available  and  relevant  to  our  situation?  Trust¬ 
worthy  metrics  score  three  out  of  three  on  this  test. 

Actively  Seek  Industry  and  Vendor  Help  Identify  industry 
trade  associations,  industry  analysts  and  vendors  that  consis¬ 
tently  pass  the  Metrics  Trustworthiness  test.  Tell  them  what 
types  of  metrics  you  are  looking  for,  then  ask  for  their  help  in 
finding  them. 

Do  Internet  Research  Aggressively  Find  relevant  metrics 
from  studies  by  others.  Try  searching  the  Internet,  using  key¬ 
words  such  as  metrics  and  a  topic.  For  example,  a  Google 
search  using  the  keywords  metrics  and  help  desk  brings  a 
wealth  of  information  for  a  help  desk  business  case. 

Publish  Internal  Guidelines  Publicize  the  organization’s 
view  concerning  what  types  of  metrics  are  valid,  why  and  where 
to  find  them. 

Projecting  a  healthy  skepticism  toward  numbers  dealing  with 
IT  value  can  help  turn  metric  disrespect  into  metric  success. 
Like  many  good  things  in  life,  however,  success  at  “metricifi- 
cation”  requires  a  modicum  of  education,  discipline  and  per¬ 
sistent  follow-up.  Fortunately,  it’s  worth  it.  BE] 


Jack  Keen  is  founder  and  president  of  the  IT  consultancy 
The  Deciding  Factor  ( www.decidingfactor.com )  and 
coauthor  of  Making  Technology  Investments  Profitable: 
ROI  Road  Map  to  Better  Business  Cases.  He  can  be 
reached  at  jack_keen@compuserve.com. 


5  2 


CIO  OCTOBER  1,  2003 


www.cio.com 


Any  system  can  store  data. 

You  need  to  store  content. 


Q£« 
LU  S 
CO'u, 

2* 


in  i 
o, 


Training  video  is  content.  Seismic  studies  are  content.  And  so  are  CAT 
scan  images,  PDF  files,  audio  dips  and  presentations.  According  to  the 
analysts,  an  avalanche  of  content  is  about  to  land  on  top  of  your  data  center. 
Are  you  ready?  With  a  Sony  PetaSite®  data  tape  library,  you  will  be. 

Sony's  PetaSite  libraries  extend  beyond  terabytes  into  petabytes— to 
keep  abreast  of  your  growing  storage  needs.  SAIT  PetaSite  libraries 
leverage  the  world's  highest  capacity  data  cartridge'— SAIT— to  achieve 
the  highest  storage  density.  So  you  save  precious  data  center  space.  SAIT 
also  offers  the  lowest  tape  cost  per  gigabyte.”  So  you  save  money.  Or 
choose  Sony's  DTF-2  PetaSite  libraries,  which  have  lightning-fast  loading 
and  file  access.  So  you  also  save  time. 


Sony  PetaSite  libraries  are  ideal  for  backup,  archiving  and  Hierarchical 
Storage  Management.  Sony  PetaBack®  and  PetaServe®  solutions  give 
you  even  greater  flexibility. 


Sony  PetaSite  libraries.  The  Work  Smart  solution  for  storing  content. 


Work  Smart.  Work  Sony. 

•Source:  Storage  Analytics'  Tape  Format  Facts.  1/24/03 
••Media  comparison  based  on  MSRPs  of  SAIT.  LTO,  AIT-3  and  SDLT  mid-range  formats  as  featured  in  CDW.  1/23/03 


VISIT  WWW.SONY.COM/DATASYSTEMS  OR  CALL  800-829-7669  FOR 
MORE  INFORMATION  ON  SONY'S  PETASITE  SOLUTIONS. 


SATTDATAST0RA6E 


■ 

©  2003  Sony  Electronics  Inc.  AU  rights  reserved.  Reproduction  in  whole  or  in  part  without  written  permission  is  prohibited.  Features  and  specifications  are  subject  to  change  without  notice.  Sony.  PetaBack.  PetaServe  and  PetaSite  are  trademarks  of  Sony. 


SPECIAL  REPORT 


THE  STANDARDS 

Page  54 


Why  conflicting  Web 
services  standards  are 
emerging 

The  threat  of  fees  and 
licensing  restrictions 

What  CIOs  can  do 
to  ensure  future 
interoperability 


THE  EARLY  ADOPTERS 

Page  64 


Benefits  for  using  Web 
services  now 

Five  major  risks  con¬ 
fronted  by  early  adopters 

How  early-mover 
companies  are 
mitigating  those  risks 


54  CIO  OCTOBER  1.  200 


Everyone  wants  Web  services  standards. 

CEOs  think  the  technology  will  create  new  opportunities. 

CFOs  believe  it  will  save  millions. 

Vendors  see  a  pot  of  gold  at  the  end  of  the  Web  services  rainbow. 
And  CIOs  know  that  linking  to  customers  and  partners  over  the 
Internet  will  revolutionize  both  business  and  IT. 

So  what’s  the  holdup? 

The  usual  suspects:  Politics.  Ego.  Suspicion.  Fear.  Greed. 

BY  CHRISTOPHER  KOCH 


ts  already  a  given:  Your  company  is  going  to 
waste  money  on  Web  services. 

Research  company  Gartner  predicts  American  business  is 

going  to  squander  $1  billion  on  misguided  Web  services  proj- 

;  ‘,4 

ects  by  2007.  Exactly  how  much  of  that  will  come  out  of 
your  pocket  depends  in  part  on  how  many  confusing,  over¬ 
lapping  Web  services  standards  emerge  in  the  next  few  years. 
Right  now,  it  looks  like  there’s  going  to  be  a  lot  of  them. 
The  Web  services  standards  process  began  to  fall  apart 
this  year.  No  fewer  than  four  organizations — Liberty 
Alliance,  Oasis,  W3C  and  WS-I — are  vying  to  preside  over 
the  process,  each  with  different  goals,  each  with  differing 
degrees  of  power  and  influence. 

And  two  opposing  camps  of  vendors  have  emerged:  an 
uneasy  alliance  of  IBM  and  Microsoft  versus  nearly  every¬ 
one  else.  Both  groups  are  busy  duplicating  each  other’s  work. 


Both  are  proposing  Web  services  specifica¬ 
tions — some  proprietary,  some  not — with 
unclear  patent  and  licensing  implications  for 
CIOs.  In  an  arena  as  complex  as  Web  serv¬ 
ices,  confusion  is  not  a  good  thing.  But  right 
now,  that’s  the  situation. 

The  Web  services  vision  is  grand:  a  uni¬ 
versal  set  of  communications  protocols  to 
enable  computer  systems  and  business 
processes  to  seek  each  other  out  over  the 
Internet,  lonely  hearts  style,  and  have  deep, 
meaningful  interactions  with  no  human 
intervention.  Even  in  today’s  rudimentary 
state,  Web  services  standards  such  as  simple 
object  access  protocol,  or  SOAP  (see  “Core 
Web  Services  Standards,”  Page  58,  for  the 
list  of  current  standards),  are  proving  to  be 
valuable  integration  technologies.  A  Gart¬ 
ner  survey  of  110  companies  found  that 
54  percent  are  already  working  on  Web 
services  projects  or  have  plans  to  begin  soon, 
and  IDC  (a  sister  company  to  C/O’ s  pub¬ 
lisher)  estimates  that  companies  will  do 
$2.2  billion  worth  of  Web  services  projects 
in  2003  and  $25  billion  in  2008. 

“The  potential  revenue  impact  of  these 


www.cio.com  •  OCTOBER  1,  2003  CIO  55 


Special  Report  Web  Services  The  Standards 


standards  is  enormous,”  says  Whit 
Andrews,  research  director  for  Gartner.  But 
the  very  size  of  that  financial  prize  waiting 
for  the  winners  of  the  Web  services  stan¬ 
dards  competition  makes  it  “difficult  to 
remain  involved  in  a  standards  effort  that 
involves  your  competitor,”  he  adds.  Gartner 
goes  so  far  as  to  predict  that  the  alliance 
between  IBM  and  Microsoft  will  break 
down  by  the  end  of  this  year,  given  that  the 
companies  are  direct  competitors  in  the 
application  server  and  database  markets  that 
make  the  biggest  use  of  Web  services. 

“That’s  silly,”  responds  IBM  spokesman 
Steven  Eisenstadt.  Steven  VanRoekel,  Micro¬ 


soft’s  director  of  platform  strategy,  says,  “I 
couldn’t  speculate  on  how  long  things  will 
go  [between  Microsoft  and  IBM].” 

And  what  about  the  users?  Where  are  the 
CIOs? 

Some  companies  have  gotten  involved 
with  the  standards-setting  organizations, 
including  financial  services  heavyweights 
such  as  Fidelity  Investments  and  J.P.  Mor¬ 
gan  Chase,  as  well  as  some  forward-thinking 
manufacturers  such  as  GM  and  health-care 
giant  Kaiser  Permanente.  But  they  remain 
the  minority  in  organizations  that,  by  default, 
are  overwhelmingly  dominated  by  vendors. 

“CIOs  haven’t  gotten  involved  because 


it’s  a  big  time  commitment,  so  they  say,  You 
vendors  figure  it  out,”  says  Eric  Austvold, 
research  director  for  AMR  Research. 
“That’s  like  putting  the  fox  in  charge  of  the 
henhouse.” 

If  CIOs  continue  to  stand  on  the  sidelines, 
they  may  very  well  end  up  with  no  chickens, 
forced  to  choose  from  among  multiple  Web 
services  standards  that  may  not  interoperate, 
may  have  limited  life  spans,  and  may  come 
with  fees  or  other  onerous  patent  and  licens¬ 
ing  requirements. 

And  if  so,  CIOs  can  start  ticking  off  their 
shares  of  that  wasted  $1  billion  right  now. 

FEAR  OF  FEES 

Contrary  to  the  hype  that  surrounds 
Web  services,  there  is  no  guarantee 
that  the  technology  will  continue  to 
follow  the  path  it  has  followed  so  far,  which 
is  that  it  is  free  and  comes  with  limited 
restrictions. 

In  fact,  the  free  model  for  Web  services 
already  has  been  tested  and  has  just  barely 
survived.  In  the  spring  of  2002,  just  as  stan¬ 
dards  organization  Oasis  was  about  to  rat¬ 
ify  the  specification  for  ebXML  (electronic 
business  using  extensible  markup  language, 
designed  to  help  companies  transact  busi¬ 
ness  across  borders  and  languages),  IBM 
announced  that  it  held  patents  for  a  piece  of 
the  specification  and  that  it  would  offer  it 
under  a  licensing  model  called  Reasonable 
and  Non-Discriminatory  (RAND).  If  that 
had  stood,  vendors  would  have  had  the 
right  to  charge  fees  and  apply  usage  restric¬ 
tions  to  individual  users  of  the  software  on 
a  case-by-case  basis.  But  after  other  con¬ 
tributors  to  the  specification,  including  the 
United  Nations,  claimed  that  IBM  previ¬ 
ously  had  pledged  that  its  work  would  be 
royalty-free,  IBM  issued  a  statement  saying 
it  would  relinquish  any  rights  to  fees.  “We 
were  happy  to  clarify  that  we  did  not  intend 
to  charge  a  fee  when  we  realized  that  some 
of  the  industry  was  confused,”  says  IBM 
spokesman  Eisenstadt.  “We  had  never  pro¬ 
posed  that  we  would  charge  a  royalty;  we 
were  simply  following  the  process  as 
defined  by  the  standards  body.” 


PHOTO  BY  FURNALD/GRAY 


The  Standards  Scorecard 

You  can’t  tell  the  organizations  apart  without  one.  Who’s  who,  and  what’s  what. 


OASIS 

| 

What  It  Is:  Founded  in  1993 
under  the  name  SGML  Open, 
the  Organization  for  the 
Advancement  of  Structured 
Information  Standards  worked 

( 

on  the  standard  generalized 
markup  language  until  XML 
came  along  in  1998.  Then  it 
shifted  its  focus  to  XML  and 
later  Web  services. 

Its  Agenda:  Oasis  focuses  on 
the  high-level  Web  services 
used  in  applications.  It  lets  indi- 

I 

vidual  technical  committees 
decide  whether  they  want  to 
consider  specifications  that 
have  royalties  attached  to  them. 


W3C 

What  It  Is:  Founded  in  1994  by 
the  inventor  of  the  Web,  Tim 
Berners-Lee,  the  World  Wide 
Web  Consortium  is  famous  for 
Internet  standards  such  as 
HTTP  and  HTML. 

Its  Agenda:  Though  it  has  tradi¬ 
tionally  focused  on  the  Web 
infrastructure  level,  W3C  has 
moved  into  Web  services  as  an 
extension  of  its  core  standards 
like  XML.  All  submissions  it 
ratifies  into  standards  must  be 
free  of  royalty  fees. 


WS-I 

|  What  It  Is:  Founded  in  February 
!  2002  by  Microsoft,  IBM  and 
seven  other  vendors,  the  Web 
Services  Interoperability 
Organization  focuses  on  devel¬ 
oping  tested  implementations 
|  of  Web  services  standards  in 
packages  called  profiles.  Sun 
has  called  it  "a  shadow  govern- 
'  ment  for  standards.” 

Its  Agenda:  To  deliver  installa¬ 
tion-ready  Web  services  pack- 
ages,  complete  with  tools  and 
guidelines. 


LIBERTY  ALLIANCE 

I 

What  It  Is:  Cofounded  by  Sun 
|  in  2001,  Liberty  Alliance's 
mission  is  to  develop  Web 
services  specifications  for 
j  identity  management  using 
security  assertion  markup 
language,  an  Oasis  security 
standard. 

Its  Agenda:  Liberty  focuses 
exclusively  on  identity  manage- 
I  ment  and  security  issues. 


Both  Eisenstadt  and  Microsoft’s  Van- 
Roekel  say  their  companies  will  not  charge 
royalties  for  the  specifications  that  they 
offer  to  standards  bodies.  But  both  com¬ 
panies  will  continue  to  use  RAND  licensing 
for  their  specifications,  which  means  that 
other  restrictions  could  be  placed  on  the 
use  of  the  technology. 

Web  services  needs  to  be  free  of  cost  and 
other  license  restrictions  if  the  industry  and 
its  customers  are  to  adopt  them  on  a  broad 
enough  scale  to  make  interoperability  a 
reality,  say  standards  believers.  If  the  vision 
for  Web  services  comes  true,  and  compa¬ 
nies  use  these  standards  as  they  use  HTTP 
and  HTML — that  is,  constantly — then  roy¬ 
alties  on  Web  services  could  become  like  a 
tollbooth  for  business  on  the  Internet,  chip¬ 
ping  money  out  of  every  transaction  that 
crosses  the  wires. 

Worries  about  intellectual  property  led 
one  standards  organization,  W3C  (the 
World  Wide  Web  Consortium),  to  adopt  a 
policy  that  all  specifications  it  ratifies  into 


standards  must  be  free  of  fees  and  other 
restrictions.  In  addition,  companies  sub¬ 
mitting  specifications  for  consideration  as 
standards  must  declare  their  licensing  and 
patent  intentions  up  front  before  the  stan¬ 
dard  comes  to  a  vote. 

Critics  say  that  has  driven  Microsoft  and 
IBM  into  the  arms  of  another  standards 
organization,  Oasis  (Organization  for  the 
Advancement  of  Structured  Information 
Standards),  which  has  less  rigorous  require¬ 
ments  regarding  patent  and  royalty  issues. 
“At  Oasis,  we  do  have  a  policy  that  allows 
for  specifications  to  have  patent  claims,” 
says  Patrick  Gannon,  the  organization’s 
president  and  CEO.  “The  result  is  that  over 
90  percent  of  the  specifications  from  Oasis 
have  no  royalty  related  to  them.” 

But  it’s  that  last  10  percent  that  has  peo¬ 
ple  worried.  Web  services  standards  are  like 
pieces  in  a  puzzle:  Most  are  dependent  on 
other  pieces  to  make  a  whole.  If  just  one  of 
the  necessary  pieces  has  royalties  or  restric¬ 
tions  attached  to  it,  the  system  is  not  free. 


WHY  STANDARDS  OVERLAP 

n  June  2002,  a  vendor  coalition  led  by 
Sun  Microsystems  wrote  a  specification 
called  WSCI  (Web  Services  Choreography 
Interface,  or  Whiskey,  in  geek-speak).  A  few 
months  later,  IBM,  Microsoft  and  a  few 
other  vendors  offered  up  BPEL4WS  (Busi¬ 
ness  Process  Execution  Language  for  Web 
Services),  a  specification  that  overlapped 
with  WSCI.  W3C  formed  the  Web  Services 
Choreography  Working  Group  to  consider 
the  specifications.  At  the  first  meeting,  a 
researcher  from  Microsoft  showed  up  “to 
determine  if  he  wanted  to  join  the  working 
group,”  says  Microsoft’s  VanRoekel. 

David  Chappell,  Sonic  Software’s  chief 
technology  evangelist  and  a  member  of  the 
W3C  working  group,  remembers  the  meet¬ 
ing  well.  He  says  the  representative  from 
Microsoft  and  one  from  BEA  Systems  “were 
clear  that  there  was  this  other  BPEL  initia¬ 
tive,  and  they  said,  ‘The  wishes  of  both 
Microsoft  and  BEA  are  that  the  group  focus 
on  things f that  are  complementary  to  BPEL 


www. cio.com  •  OCTOBER  1,  2003  CIO  57 


Special  Report 


Web  Services 


The  Standards 


and  not  competing,’”  recalls  Chappell.  “The 
response  from  the  group  was,  ‘We’ll  take 
that  under  advisement.’  So  Microsoft  said, 
‘We’re  not  going  to  participate.’”  The 
Microsoft  representative  never  returned, 
although  BEA  continued  to  be  a  part  of  the 
group.  IBM  does  not  have  a  representative  in 
the  group. 

Microsoft’s  VanRoekel  says  the  researcher 
made  the  decision  whether  to  join  the  group 
meeting  as  an  individual,  “independent  of 
him  being  a  member  of  the  Web  services 
group  at  Microsoft.”  But  the  damage  had 
been  done.  Some  vendors,  most  notably  Ora¬ 
cle  and  Sun,  took  it  as  a  snub  and  a  signal 
that  IBM  and  Microsoft  were  going  to  go 
their  own  way  on  Web  services. 

Indeed,  Microsoft  and  IBM  took  their 
BPEL  specification  (which  each  had  been 
working  on  for  years  and  had  embedded 
into  their  products)  to  Oasis  and  formed  a 
committee  to  begin  working  on  a  standard. 
Responding  to  complaints  about  potential 
confusion  and  duplication,  Oasis  and  W3C 
established  liaisons  to  coordinate  work 
between  the  two  groups  to  try  to  avoid 
overlap. 

As  of  this  writing,  they’re  still  working 
at  it. 

OASIS  VERSUS  W3C: 

TITANS  CLASH  BY  PROXY 

f  there’s  a  driving  force  behind  the  grow¬ 
ing  competition  between  Oasis  and  W3C, 
it’s  less  the  organizations  themselves  than 
it  is  their  predominantly  vendor  member¬ 
ship.  They’re  split  into  two  major  camps: 
IBM  and  Microsoft  on  one  side  and  Sun  and 
(usually)  Oracle  on  the  other,  with  smaller 
vendors  trailing  in  the  wake  of  both.  IBM 
and  Microsoft  worked  together  to  build  the 
first  major  Web  services  specification,  SOAP, 
that  they  offered  to  W3C  for  consideration 
in  2000  (W3C  later  modified  and  ratified  it 
as  a  standard  in  June  2003).  In  April  2001, 
IBM  and  Microsoft  submitted  a  road  map 
to  W3C  of  the  specifications  that  they 
believed  needed  to  be  added  in  and  around 
SOAP  to  fill  out  the  Web  services  stack,  as  it 
is  known. 


IBM  and  Microsoft  have  followed  that 
road  map  ever  since,  publishing  20  different 
specifications  for  Web  services.  Critics  say 
the  plan  is  both  an  impressive  technological 
vision... and  a  rationale  for  excluding  other 
vendors — and  even  the  standards  organiza¬ 
tions — from  the  process.  Of  the  20  specifi¬ 
cations,  only  two  have  been  submitted  to  any 
standards  organization  for  consideration. 
Critics  charge  that  the  others  are  being  held 
back  while  the  two  companies  work  to  per¬ 
fect  them  and  build  them  into  their  products, 
thereby  giving  them  an  advantage  in  the 
market. 

“If  you  look  at  the  pattern  of  behavior 
that’s  been  established  by  Microsoft  and 
IBM,  it’s  clear  that  they  want  to  create  spec¬ 
ifications  in  a  vacuum  without  input  and 
hold  them  close  to  the  vest  while  they 
develop  them  in  their  products  and  then 
release  them  to  the  standards  organizations,” 
says  Ed  Julson,  group  manager  of  Web  serv¬ 
ices  standards  and  technology  for  Sun. 


Core  Web 

Services 

Standards 


XML  (extensible  markup  language) 
The  lingua  franca  of  Web  services. 
All  Web  services  can  communicate 
in  XML 

SOAP  (simple  object  access  proto¬ 
col)  A  communications  protocol  for 
Web  services. 

WSDL  (Web  services  description 
language)  An  XML-based  language 
for  describing,  finding  and  using 
Web  services. 

UDDI  (universal  description,  discov¬ 
ery  and  integration)  A  phone  direc¬ 
tory  for  Web  services  that  lists 
available  Web  services  from  differ¬ 
ent  companies,  their  descriptions 
and  instructions  for  using  them. 


“We’ve  worked  together  with  industry 
partners  to  be  sure  that  the  standards 
process  starts  with  a  well-defined  proposal,” 
responds  IBM’s  Eisenstadt. 

When  Microsoft  and  IBM  do  offer  up 
their  specifications  for  input,  critics  say,  it’s 
usually  behind  closed  doors  rather  than  in 
the  open  forum  of  a  standards  meeting. 
Sonic’s  Chappell  recalls  being  invited  to 
Microsoft’s  headquarters  in  Redmond  to 
view  two  Web  services  specifications.  “IBM 
and  Microsoft  were  being  hammered  for 
going  off  and  doing  their  own  thing,”  he 
says,  “so  this  was  viewed  as  a  way  of  open¬ 
ing  things  up.”  But  Chappell  says  he  had  to 
sign  an  agreement  saying  he  would  not  dis¬ 
cuss  the  specifications  with  anyone  else  and 
that  anything  he  contributed  to  the  devel¬ 
opment  would  become  the  intellectual 
property  of  the  companies  writing  the 
specifications. 

Microsoft’s  VanRoekel  says  his  company 
does  not  require  visiting  vendors  to  sign 
nondisclosure  agreements.  “You’re  welcome 
to  talk  about  what’s  going  on,”  he  says.  But 
he  says  Microsoft  does  make  them  sign  a 
feedback  agreement  that  stipulates  that  “if 
you  come  and  offer  input  on  this  technol¬ 
ogy,  then  that  input  must  be  made  available 
royalty-free.”  He  adds  that  Microsoft  plans 
to  publish  results  of  vendor  feedback  ses¬ 
sions  on  a  public  website  this  fall. 

Critics  say  Microsoft  and  IBM’s  strategy 
of  writing  specifications  outside  of  the  stan¬ 
dards  groups  limits  give-and-take.  “It’s  turn¬ 
ing  into  a  proxy  war  where  Microsoft  and 
IBM  are  coming  up  with  what  they  feel  will 
be  the  standards  and  shopping  them  around 
to  see  who  will  rubber-stamp  them,”  says 
an  official  from  a  standards  group  who 
requested  anonymity.  “If  one  won’t  take  it, 
they  take  it  to  the  other.  They’re  playing 
W3C  and  Oasis  off  against  each  other.” 

Last  January,  another  conflict  broke  out 
between  the  two  vendor  camps,  this  time 
within  Oasis.  After  a  coalition  of  vendors 
led  by  Sun,  Oracle  and  Sonic  submitted  a 
specification  to  ensure  reliable  delivery  of 
messages  (called  Web  Services  Reliability) 
and  formed  a  committee,  Microsoft  and 


58  CIO  OCTOBER  1,  2003  •  www.cio.com 


PHOTO  BY  FURNALD/GRAY 


PATRICK  GANNON 
CEO,  Oasis 

According  to  Gannon, 
about  30  percent  of 
Oasis’s  membership 
comes  from  user 
companies,  but  the 
number  active  on  the 
technical  committees 
is  much  smaller. 


IBM  published  their  own  specification  called 
WSReliability,  which  has  not  yet  been  sub¬ 
mitted  to  any  standards  organization. 

Microsoft’s  VanRoekel  says  his  company 
is  simply  following  the  road  map  it  submit¬ 
ted  to  W3C.  “The  reason  we  take  this 
approach  is  to  make  sure  the  specifications 
are  well-engineered,  have  a  fast  time  to  mar¬ 
ket  and  have  something  we  call  compos- 
ability,  which  means  they  work  well  with 
the  other  pieces  out  there,”  he  says.  “What 
has  typically  happened  in  the  standards  bod¬ 
ies  where  you  design  by  committee  is  that 
the  end  product  is  so  open  for  loosely  inter¬ 
preted  implementation  that  you  end  up  not 
having  technology  that  will  work  with  other 
pieces  that  have  been  developed  out  in  the 
industry.” 

END  RUN  AROUND  THE 
STANDARDS  BODIES 

n  February  2002,  Microsoft  and  IBM, 
along  with  seven  other  vendors,  founded 
the  Web  Services  Interoperability  Orga¬ 
nization,  or  WS-I  (famously  excluding  Sun 
from  the  group’s  board  at  first,  but  later 
allowing  it  to  join).  WS-I  is  not  a  standards 
organization  per  se,  but  it  combines  differ¬ 
ent  Web  services  pieces  in  an  installation- 
ready  package.  It  calls  these  packages  of 
Web  services  “profiles,”  and  offers  tools 
and  guidelines  for  installing  them.  The  first 
profile,  called  the  Basic  Profile,  was  released 
last  August. 

“[WS-I  is]  a  supra-standards  body  that 
ratifies  which  of  these  standards  will  be  the 
baseline  for  Web  services,”  says  Dan 
Sholler,  vice  president  and  director  of  tech¬ 
nology  research  services  at  Meta  Group. 

The  problem,  critics  say,  is  that  WS-I  can 
pick  and  choose  the  pieces  it  wants  to 
include  in  the  profiles.  “With  WS-I, 
Microsoft  and  IBM  have  set  up  a  shadow 
government  for  standards,”  charges  Susy 
Struble,  program  manager  of  Web  standards 
and  technologies  for  Sun. 

The  first  profile,  for  example,  contains 
versions  of  SOAP  and  WSDL  (Web  services 
description  language)  that  were  never  rati¬ 
fied  as  standards  by  W3C  but  are  included 


in  Microsoft  and  IBM  products.  But  W3C 
has  approved  versions  of  SOAP  and  WSDL 
that  have  been  modified  from  the  versions 
contained  in  the  WS-I  profile.  That  means 
CIOs  are  being  presented  with  two  different 
versions  of  the  core  standards  for  Web 
services. 

“These  standards  are  always  evolving,” 
says  Microsoft’s  VanRoekel,  who  is  a  mem¬ 
ber  of  the  marketing  committee  for  WS-I. 
“W3C  ratified  SOAP  late  in  the  process  of 
putting  together  the  first  profile.  [The  W3C 
standard  version]  will  be  incorporated  into 
the  next  profile.”  IBM’s  Eisenstadt  agrees, 
adding,  “These  versions  of  SOAP  and 
WSDL  have  the  broad  industry  adoption 


that  is  needed.” 

But  what  if  competing  standards  come 
out  of  W3C  and  Oasis? 

“Multiple  proposals  indicate  lots  of  inter¬ 
est — it’s  not  evil,”  says  IBM’s  Eisenstadt. 
“The  market  should  decide  which  proposals 
are  best.  Interoperability  is  the  whole  point 
of  Web  services,  so  single  standards  will 
emerge.” 

Adds  VanRoekel,  “WS-I  will  take  a  look 
at  what  customers  are  implementing  and 
decide  [which  standard  to  include  in  a  pro¬ 
file]  based  on  that.”  He  encourages  those 
with  concerns  about  the  process  to  join 
WS-I.  “IBM  and  Microsoft  aren’t  the  only 
members  of  WS-I,”  he  says.  “We  don’t 


www.cio.com  •  OCTOBER  1,  2003  CIO  59 


Special  Report  Web  Services 


The  Standards 


decide  what  the  WS-I  does.” 

Indeed,  Microsoft  and  IBM  are  not 
alone  in  contributing  to  the  confusion.  Sun 
has  cofounded  its  own  standards  group, 
Liberty  Alliance,  to  develop  a  Web  services 
standard  for  identity  management  that  uses 
SAML  (security  assertion  markup  lan¬ 
guage),  an  Oasis  security  standard. 
(Microsoft  and  IBM  have  released  a  speci¬ 
fication  called  WS-Security  that,  according 
to  Sai  Allavarpu,  group  manager  of  Sun 
One  Network  Identity,  treads  near  the 
same  turf.) 

But  with  their  combined  market  clout, 
Microsoft  and  IBM  have  the  power  to  push 


their  own  specifications  and  ignore  others 
to  death.  At  least  that’s  what  AMR’s 
Austvold  predicts  will  happen  to  the  WSCI 
business  process  specification  now  before 
W3C.  “That’s  going  to  be  dead  within 
24  months,”  he  says. 

“Can  you  have  a  standard  without 
Microsoft’s  and  IBM’s  participation?”  asks 
Meta  Group’s  Sholler.  “Yes.”  But  if  that 
standard  does  not  appear  on  the  Windows 
platform,  which  commands  upward  of 
95  percent  of  the  PC  market  in  the  United 
States,  and  does  not  appear  in  IBM’s  Unix 
and  mainframe  platforms,  will  anyone  use 
it?  he  asks. 


DAVE  WATSON 
CTO 

Kaiser  Permanente 


“I’d  love  to  get  everyone  to  say 


there’s  one  set  of  standards 

and  keep  overt  agendas  at 
the  door.  But  unfortunately 
the  agendas  that  form  these 
groups  don’t  allow 
Dig  deep  enough  int 
woodpiles  of  these 
organizations, 
always  find  a 


WHY  CANT  WE  ALL  JUST  GET 
ALONG? 


Microsoft  and  IBM  have  invested  a 
good  deal  of  marketing  money — 
and  a  lot  of  good  technology — into 
Web  services  to  build  the  perception  in  the 
market  that  they  are  making  it  happen. 
Other  vendors  want  their  customers  to  think 
the  same  of  them. 

“I  am  not  sanguine  about  there  being  a 
successful  outcome  for  Web  services  because 
it  looks  to  me  like  there  is  an  increasing  like¬ 
lihood  of  fragmentation  and  confusion  in  the 
market  rather  than  a  convergence,”  says 
Don  Deutsch,  vice  president  of  standards 
strategy  and  architecture  for  Oracle.  “We  go 
into  a  standards  endeavor  with  the  objective 
of  defining  things  of  common  interest  that 
will  create  a  new  market,  or  improve  an 
existing  market,  so  we  can  all  compete  on 
price  and  performance.  If  there  are  some 
members  who  don’t  believe  they  can  partic¬ 
ipate  on  an  equal  basis,  then  historically  the 
competition  begins  and  fragmentation 
begins.  That  confuses  customers,  and  when 
customers  are  confused,  they  don’t  buy 
because  they  don’t  know  what  to  buy.” 

Ironically,  if  the  alliance  between  IBM  and 
Microsoft  breaks  down,  things  could  get 
even  worse.  If  the  two  leading  vendors  in 
Web  services  were  to  begin  sending  compet¬ 
ing  specifications  to  the  different  standards 
organizations  for  approval,  forget  about 
attaining  a  single  set  of  interoperable  stan¬ 
dards  soon,  if  ever.  Regardless  of  what  hap¬ 
pens  between  IBM  and  Microsoft,  however, 
as  long  as  vendors  remain  split  and  standards 
organizations  continue  to  allow  conflicting 
work  inside  their  organizations,  the  Web 
services  standards  movement  will  continue 
to  be  disrupted  by  confusion,  delay  and  the 
possibility  of  duplicate,  conflicting  standards 
emerging.  For  CIOs,  that  could  translate  into 
slow,  expensive,  dead-end  projects  at  a  time 
when  Web  services  could  be  saving  them 
time  and  money  in  a  tough  economy. 

“One  of  the  things  that  would  be  nice  is 
if  this  alphabet  soup  of  standards  groups 
would  get  together  and  say  we’re  all  about 
delivering  a  single  standard,”  says  Dave 


PHOTO  BY  ANDY  FREEBERG 


Exclusive! 


Baylor  goes  to  the 
head  of  the  IT  class. 


Baylor  University 

Deploys  Business-Driven  Network.™ 

Serving  the  educational  and  recreational  needs  of  1 4,000  students  is  a  tall  order 
for  any  IT  department.  You  have  to  ensure  access  to  critical  classroom  resources 
as  well  as  provide  the  Internet  and  e-mail  services  expected  by  today’s 
technology-sawy  students.  And  security  cannot  be  compromised. 

That’s  why  Baylor  University  turned  to  Enterasys  and  its  unique  Secure  Networks 
solution.  Through  a  simple-to-administer  interface,  IT  managers  can  assign  very 
specific  access  privileges  that  stay  with  students  wherever  or  however  they  log 
on.  From  class  or  the  residence  hall.  Wired  or  wireless. 


Secure  Networks  Webcast 


The  network  runs  smoother.  Security  is  pervasive.  And  students  are  happy. 


Don’t  miss  this  informative  webcast 
featuring  Gartner  and  other  industry  experts  as 
we  address  the  best  practices  for  deploying 
enterprise-wide  security. 

Register  now! 

Visit  us  at  itworld.com/enterasyssecurity 


Get  the  full  story  at  enterasys.com/baylor 

- ENTERASYS 

NETWORKS™ 


Special  Report 


Web  Services 


The  Standards 


Watson,  vice  president  and  CTO  of  Kaiser 
Permanente,  which  is  active  in  WS-I.  “I’d 
love  to  get  everyone  to  say  there’s  one  set  of 
standards  and  collapse  at  least  four  different 
discussions  into  one  and  keep  overt  agen¬ 
das  at  the  door,  because  you  don’t  serve  cus¬ 
tomers  that  way.  But  [unfortunately]  the 
agendas  that  form  these  groups  [don’t  allow 
that].  Dig  deep  enough  into  the  woodpiles  of 
these  standards  organizations,  and  you’ll 
always  find  a  vendor  as  the  mommy  or 
daddy.” 

THE  BUSINESS  OF  STANDARDS 
IS  BUSINESS 

f  there  is  a  force  that  can  keep  the  Web 
services  standards  movement  from  blow¬ 
ing  up,  it  is  CIOs.  But  few  CIOs  have  the 


vendors  feed  them.” 

Besides  the  obvious  bandwidth  issues, 
many  CIOs  say  that  with  the  shift  to  pack¬ 
aged  software  in  their  organizations,  they 
don’t  have  the  technical  expertise  to  con¬ 
tribute  much  to  standards  organizations.  But 
in  fact,  that’s  not  where  CIOs  are  most 
needed,  says  Sun’s  Struble:  “CIOs  should  be 
involved  in  the  early  requirements  phase,  the 
part  where  we  define  what  we  want  the 
standard  to  do.” 

Indeed,  those  CIOs  who  have  gotten 
involved  in  standards  organizations  have 
done  so  to  make  sure  that  what  emerges  is 
right  for  their  businesses.  “We  can  put  our 
requirements  on  the  table  and  have  a  dia¬ 
logue,”  says  Andrew  Comas,  who,  as  vice 
president  of  technology,  is  J.P.  Morgan 


Web  services  model.  For  GM,  the  issue  is 
the  OnStar  communications  network  it’s 
building  into  its  cars  and  trucks. 

But  the  link  between  Web  services  stan¬ 
dards  and  business  goes  even  deeper  for 
these  companies.  The  sooner  they  know 
where  the  standards  are  going,  the  sooner 
they  can  begin  shaping  their  architecture  to 
take  advantage  of  Web  services  faster  than 
their  competitors  can. 

“We  take  these  public  standards  and  add 
in  our  own  standards  and  pass  that  down 
into  the  organization,”  says  Adrian  Kunzle, 
who  is  cohead  of  the  architecture  group  at 
J.P.  Morgan  Chase’s  investment  banking 
division.  “Our  participation  in  standards 
groups  comes  from  the  fact  that  we’re  up 
front  about  creating  an  architecture  strat- 


“If  you  need  what  this  standards  activity  is  producing 

and  you  choose  not  to  play  at  some  level,  then  you  can’t  complain  about  the 

product  yOU  receive. -Kaiser  Permanente  CTO  Dave  Watson 


interest  or  resources  to  participate  in  the  dif¬ 
ferent  standards  organizations.  About  30 
percent  of  Oasis’s  membership  comes  from 
user  companies,  according  to  Gannon, 
though  the  number  of  user  members  who 
are  active  members  of  the  different  technical 
committees  is  much  smaller.  The  number  of 
members  in  each  of  W3C’s  four  different 
Web  services  working  groups  who  do  not 
sell  or  service  technology  does  not  rise  above 
10  percent,  and  in  most  cases  can  be 
counted  on  one  hand  (most  of  the  groups 
have  about  50  members).  At  WS-I,  the  user 
company  membership  is  less  than  10  per¬ 
cent.  Liberty  Alliance’s  user  membership  is 
just  under  30  percent. 

“The  structure  of  these  groups  is  back¬ 
ward,”  says  AMR’s  Austvold.  “The  users 
should  be  the  ones  creating  the  standards, 
and  the  vendors  [should  be]  adopting  them. 
Right  now,  users  have  to  take  what  the 


Chase’s  representative  at  WS-I.  “If  I’m  not  at 
the  table,  then  I’m  having  the  vendors  say 
what’s  best  for  us.” 

The  companies  that  are  involved  connect 
the  work  they  do  in  the  standards  organi¬ 
zations  to  their  core  businesses.  J.P.  Mor¬ 
gan  Chase  and  Fidelity  Investments  are 
concerned  about  the  speed  of  online  trans¬ 
actions  and  the  quality  of  products  pre¬ 
sented  to  customers  over  the  Internet. 
Kaiser  Permanente  cares  about  the  move¬ 
ment  of  online  health-care  transactions 
standards  known  as  HL7  from  EDI  to  a 


Share  Your  Opinion 


Do  you  become  part  of  the  standards  story,  or 
wait  it  out  on  the  sidelines?  Are  Web 
services  the  next  new  thing  or  the  newest 
headache?  Whatever  your  take  on  Web  serv¬ 
ices,  post  your  thoughts  at  ADD  A  COMMENT 
on  the  online  version  of  this  article. 

cio.com 


egy  for  our  organization.  We  want  to 
understand  where  they  are  going  early  so 
we  can  plan.” 

Of  course,  the  commitment  required  to 
participate  in  the  development  of  technical 
standards  is  considerable.  These  efforts  can 
go  on  for  years.  “On  a  topic  you’re  inter¬ 
ested  in,  it’s  easily  a  couple  of  hours  a 
week,”  says  Bill  Stangel,  enterprise  archi¬ 
tect  for  Fidelity.  He  says  Fidelity  has  a  dozen 
or  so  staffers  involved  part-time  with  vari¬ 
ous  technical  committees  in  standards 
organizations.  Other  companies  have  simi¬ 
lar  stories:  part-time  participation  of  any¬ 
where  from  six  to  10  staffers.  Not  a  bad 
investment,  they  say,  considering  the  insight 
it  gives  them. 

“Without  awareness  of  what’s  going  on 
with  standards,  it’s  game  over,”  says  Tony 
Scott,  CTO  for  GM,  which  is  actively 
involved  in  Liberty  Alliance.  “That  aware- 


62  CIO  OCTOBER  1,  2003  •  www.cio.com 


©  2003,  BearingPoint,  Inc.  All  rights  reserved. 


MARKET  SHARE  2008 


Your  competition 


The  future  doesn’t  play  favorites. 

It  has  no  winners  or  losers. 

It  has  no  trends ,  business  channels  or  emerging  markets. 
Because  the  future  hasn’t  happenedjet. 

It  is  a  blank  sheet.  A  clean  slate.  Uncharted. 

How  willjou  shape  it? 


An  unbiased  business  advisor  and  systems  integrator  provides  you  with  the  right  advice  and  solutions 

WITH  YOUR  BEST  INTERESTS  IN  MIND.  TOGETHER,  WE  CAN  CREATE  THE  FUTURE.  VISIT  BEARINGPOINT.COM. 


CONSULTING  ♦  SYSTEMS  INTEGRATION  ♦  MANAGED  SERVICES 


BearingPoint 


Business  and  Systems  Aligned.  Business  Empowered. 


ness  allows  my  organization  to  provide 
guidance  to  the  wider  IT  organization  inside 
GM  about  where  they  should  be  placing 
investment.  What’s  emerging,  what’s  chang¬ 
ing,  what’s  obsolete.” 

For  companies  that  cannot  afford  to  get 
involved  directly,  Scott  recommends  they 
try  to  exert  influence  with  their  vendors. 
“We  have  a  lot  of  clout,  obviously,”  says 
Scott.  “We  actively  engage  the  R&D  com¬ 
munity  in  areas  that  we  think  are  impor¬ 
tant.  If  we  start  asking  a  lot  of  questions 
about  a  particular  technology  or  standard, 
they  get  the  message.” 

Finally,  say  these  technology  executives, 
it’s  important  to  vote  for  standards  and 
interoperability  with  your  checkbook.  “The 
theme  of  interoperability  is  not  going  to  go 
away,”  says  Kaiser  Permanente’s  Watson, 
saying  he  wouldn’t  buy  a  product  if  it 
“complicated  the  interoperability  issue.” 

Standards  are  inextricably  linked  to  the 
future  of  business  through  the  Internet. 
That  they  are  floundering  today  means 
business  will  flounder  tomorrow. 

“Standards  are  the  basis  of  competition 
going  forward,”  says  GM’s  Scott.  “It’s  not 
just  your  ability  to  make  and  sell  that  mat¬ 
ters  anymore.  We  used  to  have  a  48-month 
product  development  cycle;  now  we’re 
down  to  18  months,  and  we’re  trying  to 
get  to  a  year.  When  you  have  that  kind  of 
rapid  change,  you  have  to  have  architec¬ 
tures  and  standards  and  interoperability.  If 
you  can  set  the  standard  or  drive  the  stan¬ 
dard,  that  enables  you  to  get  to  market 
faster  and  have  a  broader  market  than 
might  have  ever  been  the  case  prior  to 
today.  Think  of  standards  as  an  accelerator 
to  your  business.” 

But  you  can’t  affect  those  standards  if 
you  don’t  get  involved,  says  Kaiser  Perma¬ 
nente’s  Watson.  “If  you  need  what  this  stan¬ 
dards  activity  is  producing  and  you  choose 
not  to  play  at  some  level,”  he  says,  “then 
you  can’t  complain  about  the  product  you 
receive.”  rara 


Send  feedback  via  e-mail  to  Executive  Editor 
Christopher  Koch  at  ckoch@cio.com. 


Many  companies  are  jumping  into 
Web  services  before  standards  emerge. 
Sure,  there  are  risks.  Here’s  how  some 
early  adopters  are  managing  them. 


1  -  |  p  .  M  4, 


L  ,,  , 

I  ,  'ism. 


iijPilfi. 


otorola  has 


committed  to  the  enterprisewide  deployment  of  Web  services, 
with  the  full  knowledge  and  backing  of  Samir  Desai,  senior  vice 
president  and  CIO. 

Never  mind  that  Web  services  is  still  an  emerging  set  of  com¬ 
munications  protocols  that  most  vendors  do  not  fully  support. 

Never  mind  that  the  fulfillment  of  the  Web  services  promise  to 
simplify  integration  depends  on  standards  that  today  are  the  sub¬ 
ject  of  rancorous  debate  by  competing  vendors  and  standards 
organizations.  (See  “The  Battle  for  Web  Services,”  Page  54.) 

Never  mind  that  if  an  enterprise  such  as  Motorola  bets  on 
standards  that  are  eventually  abandoned,  its  dream  of  commu¬ 
nicating  cheaply  and  efficiently  with  customers  and  suppliers 
would  turn  into  a  nightmare  of  expensive  changes  and  upgrades. 

After  two  years  of  ever-expanding  pilots  at  Motorola,  the 
business  benefits  of  converting  hundreds  of  applications  into 


64  CIO  OCTOBER  1,  2003  •  www.cio.com 


SAMIR  DESAI 
CIO,  Motorola 


‘Most  cultural  change  pro¬ 
grams  fail.  Most  strategic 
change  programs  fail. 
Most  large  IT  programs 
fail  or  underperform. 

Aggressively  adopting 
Web  services  at  the 
enterprise  level  is  all 
three  combined.  So  the 
most  critical  decision  is 
to  see  how  not  doing  this 
can  be  competitively 
dangerous." 


Web  services  and  updating  the  company’s 
underlying  IT  architecture  to  support  them 
are,  according  to  Desai,  obvious  and  irre¬ 
sistible. 

“This  is  about  increasing  the  throughput, 
agility  and  cost-effectiveness  of  IT,”  says 
Desai.  “How  many  times  should  I  code  a 
credit  card  check?  With  Web  services  the 
answer  is  one.  In  the  past  no  one  really 
knew  the  answer,  but  it  was  a  much,  much 
larger  number.”  Merely  by  automating  stan¬ 
dard  transactions,  Web  services  promises  to 
save  a  huge  amount  of  effort  and  money. 

This  fall,  Desai  and  his  team  will  place 
bets  on  a  cadre  of  vendors  to  supply  the  plat¬ 
form  and  tools  for  a  multimillion-dollar 
effort  to  develop  and  operate  Web  services, 
both  internally  and  outside  the  firewall.  And 
as  Desai  acknowledges,  no  matter  the  antic¬ 
ipated  ROI,  it’s  still  a  gamble. 

If  standards  fail  to  evolve,  then  the  whole 

I  effort  is  cast  into  doubt.  “No  Web  services 

O 

^  standards  means  no  enterprise  Web  services. 

^  It’s  that  important,”  Desai  says.  Adds  Toby 

CO 

°  Redshaw,  Motorola’s  corporate  vice  presi- 

O 

if  dent  of  strategy,  architecture  and  e-business, 


V 


www.cio.com  •  OCTOBER  1,  2003  CIO  65 


Special  Report 


Web  Services 


The  Early  Adopters 


“If  you  back  the  wrong  vendors  and  the 
market  evolves  past  you,  the  vendors  go  out 
of  business  and  the  whole  learning  relation¬ 
ship,  the  whole  [return  on]  investment  sort 
of  goes  close  to  zero.” 

That’s  just  one  risk  among  many.  But 
diverse  companies  are  rolling  out  Web  serv¬ 
ices  in  defiance  of  these  and  other  risks, 
looking  for  early  mover  advantage,  ROI 
projected  in  the  millions,  and  huge  cost  sav¬ 
ings  over  developing  and  deploying  soft¬ 
ware  in  conventional  ways.  In  a  survey  that 
the  Cutter  Consortium  consultancy  con¬ 


ducted  earlier  this  year  of  250  clients, 
13  percent  said  they  were  already  using 
Web  services  for  business-critical  applica¬ 
tions  as  of  last  January,  while  54  percent 
said  they  were  developing  or  prototyping 
Web  services  applications. 

Early  adopters  are  betting  that  by  invest¬ 
ing  in  multiple  standards,  performing  extra 
due  diligence  on  vendors  and  keeping  a 
long-term  outlook,  the  effort  will  be  worth 
it.  Here’s  how  three  very  different  organi¬ 
zations — Motorola,  the  U.S.  Navy  and 
Wells  Fargo — are  addressing  five  major 


risks  of  Web  services  in  their  deployment 
strategies. 

RISK  NO.  1:  Web  services  isn’t  secure. 
MITIGATION:  Choose  a  standard,  but  be 
prepared  to  switch. 

ny  plan  to  expose  data  and  applica¬ 
tions  beyond  the  corporate  firewall 
carries  risk.  Web  services  adds  an 
extra  dose  of  complexity  to  a  company’s  IS 
strategy  because  there  are  no  agreed-on  stan¬ 
dards  for  authenticating  users  and  control¬ 
ling  access  to  Web  services  applications  that 
are  accessed  from  outside  the  corporate  fire¬ 
wall.  So  far,  that’s  deterred  many  organiza¬ 
tions  from  pursuing  one  of  Web  services’ 
grandest  promises:  that  trading  partners 
could  assemble  application  components  they 
need  to  use  at  the  time  of  each  transaction. 
For  instance,  a  builder  could  use  one  Web 
service  to  query  catalogs  from  multiple  sup¬ 
pliers,  and  another  one  to  generate  purchase 
orders  to  send  to  two  of  them.  Upon  receiv¬ 
ing  the  purchase  orders,  one  supplier  could 
use  a  Web  service  to  access  an  internal  data¬ 
base  and  confirm  that  the  order  comes  from 
a  customer  in  good  standing.  The  other 
could  use  a  Web  service  provided  by  a  third 
party  to  run  a  credit  check.  The  software  to 
run  each  transaction  could  be  reused  multi¬ 
ple  times  without  additional  programming. 
But  each  of  those  transactions  requires  a 
means  to  verify  that  the  customer  is  who  she 
says  she  is,  and  that  she’s  authorized  to  do 
business. 

Secure  verification  hasn’t  arrived  yet,  but 
early  adopters  have  learned  that  with  plan¬ 
ning,  it’s  possible  to  get  around  that  prob¬ 
lem.  Wells  Fargo’s  Wholesale  Banking  unit  is 
rewriting  35  online  banking  applications  for 
corporate  customers  as  Web  services.  The 
applications,  now  available  through  the 
bank’s  Commercial  Electronic  Office  portal, 
will  be  broken  up  into  their  discrete  com¬ 
ponents  so  that  customers  can  pick  and 
choose  the  features  they  want  to  use  without 
having  to  open  entire  applications  to  per¬ 
form  individual  tasks.  For  instance,  a  com¬ 
pany  treasurer  who  wants  to  make  an 
investment  could  check  her  account  bal- 


MONICA  SHEPHARD 
Director  of  C4  and 
Combat  Systems 
U.S.  Navy  Atlantic  Fleet 


‘We  may  have  disagree¬ 
ments  now  about 
whether  a  particular 
effort  takes  advantage 
of  Web  services  in  the 
best  way  possible,  but 
we’re  not  arguing 
about  whether  Web 
services  is  pertinent  to 
the  U.S.  Navy.” 


mgm  i  r  vp 

r  17 


m . 


A 


lAbtC*  ’ 


I 


PHOTO  BY  DRAKE  SOREY 


It’s  difficult  to  have  short-term  metrics  for  web  services. 

At  the  corporate  level,  Wells  Fargo  looks  for  ROI  in  the  progress  made  toward 
sharing  customer  information  among  different  business  units  and  improve¬ 
ments  in  levels  of  service  provided  to  customers. 


ances,  create  a  wire  transfer,  and  conduct  a 
trade  without  having  to  open  and  click 
through  three  different  applications. 

The  bank  has  addressed  the  security 
conundrum  by  maintaining  its  existing 
methods  for  customers  who  want  to  access 
its  Commercial  Electronic  Office  and  trans¬ 
mit  data.  Customers  have  to  first  establish  a 
business  relationship  with  the  bank  and 
obtain  a  user  ID  and  credentials  before  they 
can  use  any  online  services.  Those  proce¬ 
dures  don’t  have  to  change  for  the  bank  to 
make  Web  services  available  to  customers, 
says  Danny  Peltz,  senior  vice  president  of 
Wells  Fargo’s  Wholesale  Internet  Solutions 
Group. 

The  major  security  challenge  Peltz  faces — 
keeping  track  of  which  transactions  each 
user  is  authorized  to  perform — has  less  to 
do  with  protecting  systems  and  data  from 
unauthorized  access  than  it  does  with  main¬ 
taining  systems’  performance.  As  each  appli¬ 
cation  is  currently  designed,  authorizations 
are  verified  when  a  customer  launches  the 
application.  Because  in  the  future  customers 
will  access  Web  services  instead  of  launching 
an  application,  “the  authorization  has  to 
travel  with  Web  services,”  notes  Peltz.  “You 
don’t  want  to  have  thousands  of  calls  to  a 
database  each  time  there’s  an  authorization 
change.”  Peltz  says  he  expects  to  choose  an 
industry  standard  for  managing  permissions, 
but  observes  “there’s  no  clear  road  map  for 
how  to  do  it.” 

It’s  possible  that  no  standard  will  address 
his  needs  adequately.  But  Peltz  has  built 
into  his  strategy  the  time  and  money  to 
evaluate  different  options.  His  first  deploy¬ 
ment,  at  the  end  of  this  year,  will  be  a  new 
portal  server  that  supports  access  to  Web 


services  applications  through  the  Commer¬ 
cial  Electronic  Office  portal.  Then  he’ll  roll 
out  the  actual  Web  services  every  quarter 
through  mid-2005.  “We’re  not  going  to 
tackle  everything  all  at  once,”  he  says. 

The  Navy,  meanwhile,  has  decided  to 
adopt  security  assertions  markup  language 
(SAML),  an  emerging  standard  that  sup¬ 
ports  authentication  and  authorization  of 
end  users.  As  a  member  of  the  Oasis  stan¬ 
dards  body,  the  Navy  has  been  involved  in 
the  development  of  SAML.  “Based  on 
what  we  know,  we  think  that’s  a  good 
choice,”  says  Monica  Shephard,  director 
of  command,  control,  communications, 
computer  and  combat  systems  for  the 
Navy’s  Atlantic  Fleet.  Because  Navy  per¬ 
sonnel  are  stationed  around  the  globe  and 
support  contractors  require  access  to  both 
classified  and  unclassified  information, 
Shephard  says  a  standard  sign-on  capabil¬ 
ity  managed  as  a  reusable  Web  service  is 
essential  to  ensure  that  everyone  who 
needs  access  gets  it.  And  that  those  who 
don’t,  don’t. 

If  the  market  takes  a  different  tack  and 
the  Navy  decides  to  change  protocols,  Shep¬ 
hard  would  follow  change  management 
policies  set  out  by  the  Navy’s  CIO,  David 
Wennegren.  To  facilitate  technical  changes, 
the  Navy  has  spent  about  $1  million  to 
develop  what  it  calls  a  “portal  connector,” 
a  middleware  layer  that  lets  the  Navy  sub¬ 
stitute  standards  or  data  definitions  with¬ 
out  forcing  changes  to  user  services  or  to 
underlying  databases.  Shephard  has  already 
been  through  one  forced  technology 
change — the  choice  to  adopt  new  portal 
software,  made  by  managers  of  the  Navy’s 
enterprise  network,  the  Navy  Marine  Corps 


intranet.  With  that  experience  behind  her, 
she  is  confident  that  she  can  change  Web 
services  standards  successfully,  if  need  be. 

RISK  NO.  2:  The  lack  of  standards 
breeds  complexity. 

MITIGATION:  Support  multiple 
standards  for  now. 

he  users  of  my  information  and  my 
services  and  my  architectures  are  fre¬ 
quently  disconnected,  often  have 
extremely  small  bandwidth,  and  have  to  do 
business  in  real-time  with  organizations  that 
are  dispersed  globally,”  says  the  Navy’s 
Shephard.  A  big  benefit  of  Web  services  is 
that  those  disparate  groups — whether  a 
land-based  command  center  or  a  battle¬ 
ship — can  easily  access  centrally  managed 
data.  But  there’s  no  consistent  way  to  deliver 
that  information  through  the  many  propri¬ 
etary  portal  platforms  Navy  users  have 
deployed. 

A  standard  called  Web  services  for 
remote  portals  would  provide  a  common 
way  to  plug  Web  services  into  any  portal, 
but  it’s  still  under  development  by  Oasis. 
As  part  of  the  Navy’s  coping  strategy,  it’s 
using  its  market  power  (the  Navy  spends 
$1  billion  a  year  on  its  intranet  alone)  and 
influence  with  standards  organizations  to 
cajole  vendors  into  supporting  as  many  of 
the  emerging  standards  as  possible.  The 
Navy  calls  its  strategy  “vendor  neutrality” 
because  it  presumes  infrastructure  vendors 
will  eventually  provide  products  that  will 
work  with  any  standard  and  therefore  will 
be  easy  to  integrate. 

“It’s  a  difficult  strategy  for  the  short 
term,  and  the  most  powerful  strategy  for 
the  long  term,”  says  Shephard.  In  the  short 


www. cio.com  •  OCTOBER  1,  2003  CIO  67 


Special  Report  Web  Services 


The  Early  Adopters 


term,  Shephard’s  staff  has  to  put  extra  effort 
into  making  Web  services  work  in  a  non¬ 
standard  environment  and  keep  up  with 
technical  details.  The  alternative — picking 
a  few  software  products  that  every  Navy 
unit  would  use — would  ultimately  be  a 
more  difficult  strategy  to  execute,  says  Shep¬ 
hard,  because  it  would  risk  getting  stuck 
with  proprietary  software.  “Then  we  would 
be  tied  to  a  single  view  change  and  a  single 
company’s  ability  to  generate  new  and 
inventive  ideas,”  she  adds.  In  the  meantime, 
the  Navy  is  using  its  portal  connector  to 
facilitate  integration  between  Web  services 
and  proprietary  applications. 


For  Motorola’s  Redshaw,  that  strategy  of 
covering  your  bases  with  multiple  standards 
extends  to  the  choice  between  Microsoft’s 
.Net  and  Sun  Microsystems’  J2EE  as  devel¬ 
opment  platforms  for  Web  services  appli¬ 
cations.  In  his  view,  there  isn’t  really  a 
choice:  Most  companies,  he  thinks,  will 
have  to  invest  in  both,  as  Motorola  has. 
“It’s  strategically  dangerous  to  go  down  one 
path  or  another,”  says  Redshaw.  Most 
established  companies  already  use  J2EE,  he 
notes,  but  “if  you  say,  I  don’t  like 
Microsoft,  and  get  stuck  in  stupid  politics, 
you  may  get  leapfrogged.” 

While  it’s  hard  to  know  exactly  how 


much  it’s  going  to  cost  companies  that 
maintain  both  platforms,  Tom  Welsh,  senior 
consultant  with  Cutter,  says  to  plan  for  pur¬ 
chasing  software  and  servers  to  support 
both  environments,  as  well  as  staffing  up 
with  trained  programmers.  “Few  people  are 
dynamic  enough  to  be  conversant  in  both 
.Net  and  J2EE,”  notes  Welsh.  It’s  also  nec¬ 
essary  to  account  for  the  cost  of  managing 
and  maintaining  the  two  platforms.  Yes, 
those  costs  add  up,  but  as  Welsh  says,  “It’s 
a  mistake  to  hope  for  the  benefits  of  IT 
when  you  grudge  the  time,  money  and 
sheer  effort  necessary  to  understand  what 
it’s  all  about.” 


How  to  Build  Securely  on  Shifting  Sand 

Five  best  practices  for  successful  Web  services  projects 


1  Pilot,  pilot,  pilot  (and  plan 
to  screw  up). 

If  you  haven’t  been  experi¬ 
menting  with  Web  services  in 
the  past  two  years,  don’t  rush 
headlong  into  an  enterprise 
deployment.  “If  there  is  one 
single  factor  that  can  help  you 
minimize  your  risk,  it’s  under¬ 
standing  what  you’re  doing,” 
says  Tom  Welsh,  senior  consult¬ 
ant  with  the  Cutter  Consortium 
consultancy.  “There  are  tre¬ 
mendous  amounts  of  people 
running  into  production  with 
things  they  don’t  understand.” 

Toby  Redshaw,  corporate 
vice  president  of  IT  strategy, 
architecture  and  e-business  for 
Motorola,  advises  doing  multi¬ 
ple  prototypes  to  see  where 
Web  services  offers  the  greatest 
bang  for  the  buck— and  making 
sure  everyone  knows  some 
tests  might  fail.  “I  have  a  pilot 
that’s  an  absolute  disaster,”  he 
says.  “Occasionally,  we’re  going 
to  have  blowups  like  that.” 


2  Focus  on  architecture. 

“You’d  never  let  anyone 
build  a  house  without  a 
blueprint,”  observes  Redshaw, 
and  by  the  same  token,  you 
need  a  service-oriented  archi¬ 
tecture,  which  is  designed  to 
facilitate  connection  of  soft¬ 
ware  components,  to  deploy 
Web  services  most  effectively. 

As  with  many  infrastructure 
investments,  the  ROI  isn’t  read¬ 
ily  apparent.  “In  the  past 
20  years,  IT  was  built  to  last, 
but  in  the  next  10  years,  the 
goal  is  building  IT  to  change,” 
says  Brand  Niemann,  a  com¬ 
puter  scientist  who  heads  the 
federal  CIO  Council's  XML  Web 
Services  Working  Group.  “You 
won’t  see  the  cost  savings  [of  a 
service-oriented  architecture] 
initially,  but  in  the  long  run,  it’s 
cheaper  and  creates  a  more 
agile  organization.” 


Remember  that  nothing 
is  set  in  stone. 

Standards  are  fluid,  soft¬ 
ware  is  maturing,  and  the  Web 
services  you  deploy  now  may 
have  to  be  rewritten  sometime 
in  the  future.  “You’re  guessing 
the  benefits  outweigh  the  cost 
of  recoding,”  says  Whit 
Andrews,  research  director 
with  Gartner. 

Involve  the  business. 

Every  Web  service  is  a 
component  of  a  busi¬ 
ness  process.  Monica  Shep¬ 
hard,  director  of  command, 
control,  communications,  com¬ 
puter  and  combat  systems  with 
the  Navy’s  Atlantic  Fleet,  has 
business  managers  decide 
which  applications  to  convert 
to  Web  services  and  which 
legacy  applications  to  kill. 
Some  legacy  systems  will  die  a 
natural  death,  she  says,  but 
“sometimes  the  right  thing  to 
do  is  wait”  until  users  have 


time  to  revamp  their  business 
processes  to  accommodate  the 
new  environment. 


5  Communicate  with  your 
IT  team. 

By  its  nature,  Web  serv¬ 
ices  is  interdependent,  and 
unless  all  your  software  devel¬ 
opers  are  subscribing  to  the 
same  programming  principles, 
you’ll  end  up  with  a  mess  of 
systems  that  won't  interoper¬ 
ate.  For  instance,  everyone 
should  use  the  same  protocols 
and  access  databases  the  same 
way,  says  Danny  Peltz,  senior 
vice  president  of  Wells  Fargo’s 
Wholesale  Internet  Solutions 
Group.  Educating  developers 
about  new  data  and  communi¬ 
cations  protocols  is  being 
handled  by  Wells  Fargo’s 
Enterprise  Architecture  Group 
through  published  documents, 
brown  bag  lunches  and  the 
existing  process  for  reviewing 
new  software.  -E.V. 


68  CIO  OCTOBER  1,  2003  *  www.cio.com 


Mass  Migration:  the  whole  design  world  is  going  to  AutoCAD  2004. 


autodesk* 

www.autodesk.com/migratefast 


Buy  AutoCAD®  2004  software  by  October  17, 2003,  and  get  up  to  $3 00  CcISll  bcICk! 


©  2003  Autodesk,  Inc.  All  rights  reserved.  Autodesk  and  AutoCAD  are  registered  trademarks  of  Autodesk,  Inc.,  in  the  U.S.A. 
and/or  other  countries.  Promotional  offer  subject  to  terms  and  conditions  found  at  www.autodesk.com/migratefast. 


Special  Report  Web  Services 


The  Early  Adopters 


RISK  NO.  3:  Vendors  might  go  out  of 
business. 

MITIGATION:  Look  past  a  vendor’s 
software  to  its  management. 

s  with  any  emerging  technology,  not 
all  of  the  software  you  need  can  be 
purchased  from  well-established 
vendors.  There’s  a  risk  that  you  could 
choose  a  vendor  that  goes  under  or  a  prod¬ 
uct  line  that  doesn’t  survive. 

“Theoretically,  you’d  say  you  have  to  let 
this  space  mature,  you  have  to  let  the  rate  of 
change  amongst  the  vendors  slow  down, 
and  you  have  a  much  higher  chance  of  pick¬ 
ing  the  right  choices,”  says  Motorola’s  Red- 
shaw.  “It’s  nice,  safe,  probably  a  good 
approach  for  some  companies.  But  if  you’re 
using  old  ‘me  too’  technology,  someone  who 
is  several  steps  ahead  of  you  may  have  corn- 


test,  the  major  software  vendors  probably 
understand  Web  services  technology  best, 
even  if  their  products  aren’t  mature.  Work¬ 
ing  with  companies  that  aren’t  well  estab¬ 
lished  also  requires  some  extra  effort.  “You 
have  to  really  play  a  partner,  if  not  ‘big 
brother’  role,”  adds  Desai.  “In  many  cases 
where  we  think  it  is  strategic  to  IT,  we 
become  an  owner  as  well  as  a  customer.” 

However,  there  are  some  risks  Redshaw 
isn’t  willing  to  take.  A  vendor’s  lack  of  atten¬ 
tion  to  security,  he  says,  “is  a  deal-breaker.” 
Vendors  must  address  how  they  plan  to 
maintain  security  as  their  software  passes 
data  to  another  vendor’s  application.  “If  you 
have  a  serious  enough  gap  there,  you  just 
walk  away,”  he  says. 

Whit  Andrews,  research  director  at  Gart¬ 
ner,  adds  that  a  critical  factor  in  the  choice 
of  vendors  should  be  whether  they  are  driv- 


the  potential  points  of  failure  are  multiplied. 
The  vision  of  Web  services  as  a  way  trading 
partners  could  “discover”  and  use  externally 
published  components  has  generated  a  lot 
of  hype,  but  it’s  far  from  reality.  Neverthe¬ 
less,  early  adopters  anticipate  benefits  to 
using  Web  services  with  external  partners. 
The  key:  Don’t  rely  on  anyone  else  to  supply 
any  Web  services  you  need  to  execute  a 
transaction. 

Wells  Fargo  learned  from  its  experience 
in  rolling  out  its  Internet  applications  that 
customers  “don’t  care  about  the  technol¬ 
ogy,”  says  Steve  Ellis,  who  heads  the  Whole¬ 
sale  Banking  unit,  as  long  as  the  bank 
provides  reliable  and  convenient  service.  So 
he  and  Peltz  see  little  need  to  push  customers 
to  adopt  simple  object  access  protocol  for 
sending  XML  messages,  or  even  to  send 
XML  messages  at  all.  Instead,  the  bank  will 


Diverse  companies  are  rolling  out  Web  services  in 

defiance  of  the  risks,  looking  for  early  mover  advantage,  ROI  projected  in 
the  millions,  and  huge  cost  savings  over  developing  and  deploying  software 
in  conventional  ways.  Early  adopters  are  betting  that  by  investing  in  multiple 
standards,  performing  extra  due  diligence  on  vendors  and  keeping  a  long¬ 
term  outlook,  the  effort  will  be  worth  it. 


petitive  advantage.”  Redshaw  is  willing  to 
accept,  as  the  premium  Motorola  pays  for 
being  an  early  adopter,  the  possibility  that 
some  of  the  vendors  he  picks  may  not 
survive. 

To  mitigate  that  risk,  Redshaw  recom¬ 
mends  that  companies  look  past  the  capa¬ 
bilities  vendors  offer  in  their  current 
products  and  conduct  due  diligence  on  their 
R&D  plans.  “The  tricky  part  is  to  look 
under  the  covers,  to  see  what  their  underly¬ 
ing  architecture  is,”  he  says.  “We’re  trying  to 
pick  the  horse  that’s  going  to  win  20  races 
over  the  next  two  seasons.” 

To  this  end,  Redshaw  scrutinizes  the  ven¬ 
dor’s  middle  management.  “Who’s  running 
R&D?  If  those  guys  really  get  it,  I  have  a 
more  comfortable  feeling,”  he  says.  By  this 


ing  the  development  of  standards  “or  being 
driven  by  them.”  He  advises  picking  ven¬ 
dors  that  have  a  financial  stake  in  the  out¬ 
come  of  the  standards  battles. 


RISK  NO.  4:  Adoption  by  partners  is 
unpredictable. 

MITIGATION:  Deploy  robust  middleware 
that  can  translate  a  variety  of  formats. 

f  you  build  a  Web  services  application, 
will  anyone  use  it?  That’s  a  risk  you  take 
when  you  develop  a  process  that’s  meant 
to  be  used  by  a  trading  partner.  It’s  one  thing 
to  adopt  new  technology  yourself — another 
to  expect  customers  and  suppliers  to  make 
the  same  investments.  And  when  you  rely 
on  trading  partners  to  supply  Web  services 
that  are  critical  to  some  business  process, 


accept  messages  in  any  format  and  convert 
them  to  XML  for  use  by  the  Web  services 
that  apply  EAI  tools. 

“We  see  this  as  one  of  a  suite  of  formats,” 
says  Ellis.  “How  people  connect,  we  expect 
that  to  evolve  over  time.  We  have  30,000- 
plus  companies  we  work  with  with  differ¬ 
ent  expertise  and  skill  sets.”  Donie  Lochan, 
vice  president  with  the  Cap  Gemini  Ernst  & 
Young  Financial  Services  Consulting  Group, 
says  Wells  Fargo’s  strategy  will  be  a  com¬ 
mon  one  as  Web  services  is  offered  exter¬ 
nally.  “There’s  a  large  cost  to  develop 
common  middleware  across  an  enterprise,” 
says  Lochan.  “But  if  you  didn’t  have  that, 
you  would  need  to  go  and  rewrite  a  lot  of 
the  mainframe  applications  that  you  have 
to  expose  them  securely.” 


70  CIO  OCTOBER  1,  2003  •  www.cio.com 


RAM 


Attempt  by  certain  large 
vendors  to  shove  their 
proprietary  technology  solutions 
down  your  enterprise. 


You  already  have  an  infrastructure.  You  don't  want  someone  selling  you  a  new  one.  But  you  need  to  get  all  those  different  systems  working  together.  So  talk  to  us. 
We  live  and  breathe  mixed  environments.  That's  why  our  Nterprise™  solutions  are  just  what  you  need.  Scalable.  Reliable.  Always  available.  Our  consultants 
and  partners  have  years  of  real-world  experience  getting  diverse  systems  to  play  ball  together.  So,  to  get  your  diverse  systems  working  towards  a  common 
goal— creating  revenue— call  us  at  1-800-214-3500  or  visit  http://www.novell.com/nterprise.  @  we  speak  your  language. 

Novell. 


©2003  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  and  Nterprise  is  a  trademark  of  Novell,  Inc.,  in  the  United  States  and  other  countries. 


Dell/EMC  SAN  solutions. 

More  room, 

less  rent. 


Compare:  Dell/EMC  Storage  vs.  HP  Storage 

Dell/EMC  CX400 

HP/ EVA  3000 

DAS,  NAS  or  SAN 

Deployability 

NAS  or  SAN 

Fibre  Channel 
and  ATA 

Flexibility 

Fibre  Channel 

Only 

Up  to  13.4TB 

Scalability 

Up  to  8.2TB 

Up  to 

60  Storage  Pools 

Configurability 

Up  to 

16  Storage  Pools 

Features  as  of  6/16/03  and  are  subject  to  change. 

Dell  |  EMC  Storage  Solutions 

Large  or  small,  your  company  can  have  a  flexible  storage  solution  from  Dell. 

As  you  can  see,  Dell  offers  a  variety  of  solutions  that  give  you  the  flexibility  to  grow. 
Complete  storage  solutions -including  software  and  services -that  deliver  maximum 
productivity  and  scalability. 

See  for  yourself  why  companies  from  small  business  to  the  Fortune  500  are  turning 
to  Dell/EMC  SAN  solutions.  Go  to  www.dell.com/SAN2  today  and  click  the  Storage 
Consolidation  ROI  Analyst  Tool. 


Complete  SAN  solutions  at  a  better  overall  value.  Easy  as 

— 

Click  www.dell.com/SAN2  Call  1-866-664-6518 

toll  free 

Dell,  the  Dell  logo  and  PowerEdge  are  registered  trademarks  of  the  Dell  Computer  Corporation.  EMC'  and  EMC  are  registered  trademarks  of  EMC  Corporation.  ©2003  Dell  Computer  Corporation.  All  rights  reserved. 


EMC2 


Special  Report  Web  Services  The  Early  Adopters 


It’s  also  necessary  to  think  hard  about 
how  to  maintain  systems’  performance 
when  Web  services  applications  interact  with 
each  other,  says  William  Wood,  executive 
vice  president  for  enterprise  business  serv¬ 
ices  and  information  management  with 
Wells  Fargo’s  IT  organization,  Wells  Fargo 
Services  Co.  “To  manage  end-to-end  avail¬ 
ability,  you’re  only  as  strong  as  the  weakest 
link,  so  capacity  and  performance  planning 
and  really  understanding  what  service  lev¬ 
els  are  provided  needs  to  be  a  very  big 
focus,”  says  Wood,  who  oversees  Web  serv¬ 
ices  investments  at  the  enterprise  level.  That’s 
easier  to  do  yourself  than  if  you’re  depend¬ 
ing  on  external  trading  partners  to  provide 
Web  services. 


RISK  NO.  5:  No  evidence  yet  for 
enterprise  ROI. 

MITIGATION:  Think  long  term. 

hile  evidence  is  emerging  that 
companies  already  have  realized 
benefits  from  their  investments  in 
Web  services,  enterprise-level  ROI  is  still 
largely  theoretical.  Leading  organizations 
currently  report  their  gains  in  terms  of  the 
time  and  money  saved  on  application  devel¬ 
opment,  says  Cap  Gemini’s  Lochan.  Such 
savings  can  be  impressive — the  Navy 
lopped  more  than  $8  million  a  year  from 
the  cost  to  manage  just  one  operation  plan¬ 
ning  application  as  a  Web  service,  and  can 
now  develop  new  applications  in  a  few 
months  instead  of  years.  The  Navy  also 
reports  improvements  in  strategic  processes 
such  as  mission  planning  due  to  Web  serv¬ 
ices  that,  for  instance,  enable  the  aggrega¬ 
tion  and  centralization  of  mission-critical 
weather  reports. 

While  it’s  taken  a  year  and  a  half  to  whit- 


Talk  to  Samir  Desai 


The  senior  vice  president  and  CIO  of 
Motorola  has  plunged  into  the  fray  with 
an  enterprisewide  deployment  of  Web 
services.  How's  it  going  so  far?  What  has  he 
learned?  Just  how  does  one  deploy  Web 
services?  Through  Oct.  15,  you  can  ASK  THE 
SOURCE  as  Samir  Desai  answers  your  ques¬ 
tions  on  Web  services.  Go  to  www.cio.com/ask. 

cio.com 


tie  100,000  applications  down  to  6,000 
Web  services,  Shephard  anticipates  it  will 
take  several  more  years  to  reach  her  ulti¬ 
mate  goal  of  a  few  hundred  Web  services. 
Because  technological  change  is  driven  by 
fundamental  changes  in  how  the  Navy 
operates,  the  business  value  of  Web  services 
is  dependent  on  how  commanders  execute 
their  mandates  to  collaborate  more  closely. 
Getting  top  Navy  leaders  to  buy  into  the 
potential  of  Web  services  was  one  of  Shep¬ 
hard’s  biggest  challenges.  “We  may  have 
disagreements  [now]  about  whether  a  par¬ 
ticular  effort  takes  advantage  of  Web  serv¬ 
ices  in  the  best  way  possible,  but  we’re  not 
arguing  about  whether  [Web  services]  is 
pertinent  to  the  U.S.  Navy,”  she  says. 

Wells  Fargo’s  Wood  notes  that  “it’s  diffi¬ 
cult  to  have  short-term  metrics”  for  Web 
services.  Wells  Fargo  doesn’t  even  maintain 
a  separate  budget  for  its  Web  services 
investments,  instead  incorporating  them 
into  its  IT  architecture  budget.  At  the  cor¬ 
porate  level,  Wood  looks  for  ROI  in  the 
progress  made  toward  sharing  customer 
information  among  different  business  units 
and  improvements  in  levels  of  service  pro¬ 
vided  to  customers.  When  it  comes  to 
specific  projects,  Peltz  says  he’ll  keep  invest¬ 
ments  under  control  by  developing  new 
services  in  short,  iterative  cycles  rather  than 
sinking  a  lot  of  money  into  big  projects. 
And  he’ll  tackle  first  the  projects  that  cus¬ 
tomers  want  the  most — services  like  event 
messaging  (customized  notifications  about 
payments  received  or  other  financial  events) 
and  payment  transactions. 

Becoming  an  early  adopter  of  Web  serv¬ 
ices  is  not  an  easy  road.  “Most  cultural 
change  programs  fail.  Most  strategic  change 
programs  fail.  Most  large  IT  programs  fail 
or  underperform,”  says  Motorola’s  Desai. 
“Aggressively  adopting  Web  services  at  the 
enterprise  level  is  all  three  combined.  So  the 
most  critical  decision  is  to  see  how  not  doing 
this  can  be  competitively  dangerous.”  HPl 


If  you’re  an  early  adopter,  tell  Senior  Editor  Elana 
Varon  about  your  experiences.  You  can  reach  her 
via  e-mail  at  evaron@cio.com. 


When  it  comes  to  SAN  solutions, 
the  numbers  speak  for  themselves. 


Visit  www.dell.com/SAN2  and  go  to  the  Dell 
Storage  Consolidation  ROI  Analyst  Tool  for  a  free 
business  case  analysis  that  clearly  outlines  the  best 
storage  solution  for  you.  From  needs  and  deployment 
to  enterprise-level  services,  Dells  comprehensive 
storage  consolidation  solution  will  help  you 
determine  your  organizations  exact  requirements, 
and  help  simplify  the  implementation. 


Or  call  1-866-664-6518  today  to  speak  with  a  Dell 
representative.  Together  you  can  assess  your 
situation  and  then  develop  a  cost-effective 
storage  solution  that  can  improve  both  your 
operations  and  your  bottom  line. 


Easy  as 


1X4.1. 


Click  www.dell.com/SAN2 
Call  1-866-664-6518 

toll  free 


www.cio.com  •  OCTOBER  1,  2003  CIO  73 


Post-Implementation  Audits 


UNTIL  YOU  DO  THE  POST¬ 
IMPLEMENTATION  AUDIT 


Scrutinizing  every  aspect  of  a  finished  project  and 
acting  on  the  lessons  learned  can  be  controversial 
and  difficult.  But  post-implementation  audits  are  an 
important  way  to  avoid  repeating  costly  mistakes. 

BY  MERIDITH  LEVINSON  „  . 

Reader  ROI 

►  Why  post-implementation 
audits  are  valuable 

►  Learn  from  companies 
doing  it  right 

►  Overcome  resistance  to 
PIAs  in  your  organization 


74  CIO  OCTOBER  1.  2003  •  www  .cio  .com 


PHOTO  BY  MARK  BOLSTER 


soon  as  Michael  Baker  Corp.’s  IT  department  finished  installing  a 
Web-based  procurement  system  from  ePlus,  Bruce  Higgins,  CIO  of 
the  $405  million  engineering  and  construction  company,  was  bom¬ 
barded  with  inquiries  from  colleagues  about  the  system’s  effectiveness.  He  had 
ample  anecdotal  evidence  suggesting  that  orders  were  getting  turned  around  more 

quickly,  but  he  didn’t  have  tangible  proof  that  the  system  was  improving  efficiency. 

So  he  decided  to  conduct  his  first  ever  post-implementation  audit  (PIA)  of  the  new 
system.  A  PIA  is  a  top-to-bottom  evaluation  of  the  hard  and  soft  benefits  derived 
from  a  strategic  information  system,  the  security  of  that  system  and  the 
project  management  process  for  deploying  it.  From  the  PIA,  Higgins 
learned  that  because  IT  miscalculated  the  number  of  people  needing  to  use 
the  new  system,  the  ROI  was  driven  down  by  the  cost  of  ordering  addi¬ 
tional  licenses.  The  PIA  also  showed  that  the  system  was  saving  the  com¬ 
pany  more  than  $150,000  yearly,  however,  so  Higgins  was  able  to  prove 
the  system’s  worth  to  his  colleagues.  And  he  learned  some  valuable  lessons 
on  what  not  to  do  on  subsequent  projects. 

CIOs  would  do  well  to  follow  Higgins’  lead  in  realizing  that  a  PIA  is 
a  worthwhile  way  to  prove  the  value  of  IT.  But  many  don’t.  In  fact,  Bar¬ 
bara  Gomolski,  a  research  director  with  Gartner,  estimates  that  a  mere 
20  percent  of  companies  take  the  time  to  conduct  PIAs. 

Companies  avoid  post-implementation  audits  for  many  reasons:  They 
take  too  much  time  and  drain  away  valuable  personnel  resources — two 
things  currently  in  short  supply.  They  require  reams  of  documentation  so 
that  processes  and  results  can  be  validated.  Finally,  project  sponsors  and 


Bruce  Higgins,  CIO  for 
Michael  Baker  Corp., 
says  that  post-imple¬ 
mentation  audits  help 
him  prove  a  system’s 
value.  They  also  yield 
lessons  for  the  next 
project. 


implementers  fear  that  the  results  of  an  audit, 
if  unfavorable,  will  be  used  against  them. 

The  CIOs  at  companies  successfully  per¬ 
forming  audits  have  identified  critical  suc¬ 
cess  factors,  including:  getting  the  right 
people  involved,  timing  the  audit  properly, 
and  collecting  enough  documentation  to 
facilitate  the  smooth  execution  of  a  PIA. 
They  pick  the  right  projects  to  audit  (for 
more  information  on  this,  see  “How  to 
Select  the  Right  Project  for  Your  First 
Post-Implementation  Audit”  at 
www.  cio.  com/printlinks ) .  And 
these  CIOs  share  several  key 
traits  on  how  they  ensure  that 
PIAs  become  a  sustained  prac¬ 
tice  in  their  organizations:  They 
are  all  committed  to  continuous 
improvement,  they’ve  made 
PIAs  a  part  of  their  project  man¬ 
agement  methodologies,  and 
they  have  their  CEOs’  support. 
But  companies  not  perform¬ 
ing  PIAs  are  missing  out  on 
the  important  benefits  such 
data  provides.  Although  the 
challenges  and  risks  associated 
with  PIAs  seem  formidable, 
66  percent  of  this  year’s  CIO 
100  honorees  always  or  fre¬ 
quently  conduct  them,  accord¬ 
ing  to  a  CIO  survey.  Since  the 


www.cio.com  •  OCTOBER  1,  2003  CIO 


75 


Post-Implementation  Audits 


According  to  Jim  Smith,  CIO  of  Sun  Life  Financial,  post-implementation  audits  give  IT  a 
valuable  tool  for  helping  business  units  understand  where  their  dollars  are  being  spent. 


honorees  were  chosen  for  their  exceptional 
resourcefulness,  their  prevalent  use  of  the 
audit  establishes  it  as  a  best  practice  among 
highly  effective  organizations.  PIAs  provide 
a  thorough  approach  for  proving  the  value 
of  high-cost,  mission-critical  IT  investments 
and  for  gleaning  project  management  best 
practices,  which  CIOs  can  then  apply  to 
keep  subsequent  projects  on  track.  At  a  time 
when  the  value  of  CIOs,  IT  departments  and 
IT  investments  are  under  increased  scrutiny, 
PIAs  are  now  more  critical  to  CIOs’  success 
and  survival  than  ever  before.  “With  the 
pressure  on  business  today  and  the  respon¬ 
sibility  of  IT  to  help  the  business  units 


understand  where  their  dollars  are  being 
spent,  I  really  have  trouble  with  anyone  say¬ 
ing  you  shouldn’t  be  doing  [PIAs]  in  this 
[hard  economic]  time,”  says  Jim  Smith,  CIO 
of  Sun  Life  Financial  and  a  strong  advocate 
of  PIAs. 

How  to  Overcome 
Resistance  to  Audits 

any  CIOs  and  their  IT  organiza¬ 
tions  shy  away  from  audits 
because  they  think  they’ll  be 
scapegoated  if  the  audit  reveals  problems  or 
lack  of  ROI.  That’s  why  Michael  Barilla, 
vice  president  for  business  information  serv¬ 


ices  of  Greif,  a  $1.6  billion  manufacturer  of 
industrial  and  paper  packaging,  frequently 
reminds  himself  and  his  IT  staff  that  systems 
implementations  and  software  deployments 
are  not  IT  projects,  but  business  projects.  So 
if  a  project  fails,  he  says,  “it’s  going  to  fail  as 
a  team,”  and  everyone — not  just  IT — will 
be  accountable. 

Gartner’s  Gomolski  concurs.  If  an  audit 
exposes  a  shortcoming,  she  says,  that  prob¬ 
lem  shouldn’t  only  reflect  on  IT,  especially  if 
the  project  was  jointly  sponsored  by  the 
business,  IT  and  finance. 

“Exposing  problems  can  be  a  double- 
edged  sword,”  says  Gomolski.  “But  it’s  bet¬ 
ter  to  be  proactive.  If  you  haven’t  achieved 
the  value  you  thought  you  would,  figure  out 
what  you  can  do  to  change  that.” 

Another  common  concern  about  PIAs 
shared  by  CIOs,  IT  employees  and  even 
businesspeople  is  that  they  suck  up  too 
much  time  and  require  too  much  toil.  But 
companies  that  perform  PIAs  say  they 
shouldn’t — and  don’t — take  a  lot  of  time  to 
execute.  Honeywell  Aerospace  aims  to 
spend  no  more  than  seven  to  10  days  con¬ 
ducting  an  audit,  and  Sun  Life  Financial  tries 
to  complete  PIAs  within  two  weeks. 

Furthermore,  CIOs  who  conduct  PIAs 
say  the  time  and  resources  audits  use  get 
recouped  on  subsequent  project  implemen¬ 
tations.  Resistance  to  audits  also  often  stems 
from  a  desire  to  be  rid  of  a  project  once  the 
deployment  is  complete  and  to  move  on  to 
the  next  challenge.  The  trick  is  to  make  it 
easy  for  workers  to  conduct  and  provide 
feedback  for  PIAs.  For  example,  when  Sun 
Life  Financial’s  IT  project  office  needs  to 
solicit  feedback  on  a  system  from  business 
users,  it  asks  them  to  fill  out  an  electronic 
survey,  on  their  own  time,  that  takes  no 
more  than  20  minutes  to  complete.  The 
response  rate  for  those  surveys  is  usually  bet¬ 
ter  than  50  percent  and  is  sometimes  close  to 
100  percent,  says  Ed  Esposito,  director  of 
the  project  office. 

Because  Honeywell  Aerospace’s  IT  organ¬ 
ization  for  its  Aviation  Aftermarket  Services 
unit  also  has  trouble  reengaging  business 
users  in  a  project  during  an  audit,  the  IT 


76  CIO  OCTOBER  1,  2003  •  www. cio.com 


PHOTO  BY  MARK  BOLSTER 


It’s  better  to  have  a  group  of  people  from 
different  functions  participate  in  the  audit 
rather  than  just  an  IT  team. 


organization  leverages  its  staffers  who  have 
completed  training  in  Six  Sigma,  a  process 
improvement  methodology.  Those  with  Six 
Sigma  training,  who  are  experts  in  business 
processes,  provide  the  IT  department  with 
the  feedback  it  needs  to  determine  whether 
a  system  has  streamlined  workflows. 

Engage  the  Right  People 

Who  should  perform  PIAs  is  a  mat¬ 
ter  of  great  debate.  The  most 
common  groups  of  workers 
include  one  or  more  of  the  following. 

■  Members  of  the  project  implementation 
team  from  IT 

■  Members  of  the  project  implementation 
team  from  both  IT  and  the  business 
■  Representatives  from  a  company’s  internal 
audit  department 

At  Sun  Life  Financial,  IT’s  project  office 
leads  the  PIA  process  on  its  own  IT  and 
non-IT  projects.  But  it  does  so  in  conjunc¬ 


tion  with  the  finance  department  and  the 
company’s  internal  audit  department.  IT 
projects  are  audited  from  the  beginning  and 
on  an  ongoing  basis,  rather  than  at  the  end 
of  an  implementation,  which  ensures  that 
IT  follows  sound  project  methodologies, 
meets  user  requirements,  stays  on  budget 
and  implements  proper  security  controls. 

Sun  Life  Financial’s  approach  comes  clos¬ 
est  to  being  the  best,  according  to  PIA 
experts.  Don  Christian,  a  partner  with  Price- 
waterhouseCoopers,  says  the  PIA  team 
should  consist  of  a  businessperson  and  an 
IT  person  who  were  involved  with  the 
implementation,  and  that  it  should  be  led 


by  someone  independent,  such  as  an  internal 
auditor,  who  was  not  part  of  the  project 
team.  Christian  says  it’s  better  to  have  a 
group  of  people  from  different  functions 
participate,  rather  than  just  an  IT  team  or 
just  internal  audit  because  they  all  provide 
valuable  input.  The  advantage  of  having 
members  of  the  IT  project  team  involved  is 
that  they’re  intimately  familiar  with  the  ben¬ 
efits,  deliverables  and  requirements  of  the 
project.  And  because  they  know  the  project 
so  well,  it  is  easier  for  them  to  fully  evaluate 
a  project.  Having  a  businessperson  on  the 
audit  team  is  important  because  she  can 
more  easily  determine  if  an  external  factor 


1)  Conceive  2)  Scan 


ricoh.com/share 


www .cio .com  •  OCTOBER  1,  2003  CIO  77 


The  Select  Member  CIO 
you  put  me  In  touch  with 
was  knowledgeable, 
forthcoming  and  extremely 
helpful.  His  shop  and 
ours  have  much  in  common. 
The  call  was  excellent!” 


BENEFIT  FROM  THE  EXPERIENCE  OF  YOUR 
PEERS -JOIN  CIO  SELECT. 


-CIO  of  a  $7  billion 
insurance  company 


I  am  getting  tremendous 
value  out  of  the  board-level 
presentations  I  have  down¬ 
loaded  from  Select.” 


CIO  Select  is  an  exclusive 
networking  program  that 
helps  CIOs  share  ideas, 
documents  and  advice. 


-CIO  of  a  $3  billion 
manufacturer 


Membership  in  CIO  Select  is  reserved  for  CIOs 
of  midsize  to  large  organizations. 


ClOSelect 


The  Resource  for 
Information  Executives 


AN  EXCLUSIVE  PEER  SERVICE  FOR  CIOs 


For  Information  and  Membership  Pricing: 

Contact  Martha  Heller,  Director,  CIO  Select, 
at  508.988.6738  or  mheller@c/o.com  or 
via  www.cio.com/community/select.html. 


Post-Implementation  Audits 


'Exposing  problems  can  be  a  double-edged 
sword.  But  it’s  better  to  be  proactive. 

If  you  haven’t  achieved  the  value  you  thought 
you  would,  figure  out  what  you  can  do  to 

change  that.”  -Barbara  Gomolski,  research  director,  Gartner 


rather  than  a  systems  failure  is  causing  a  sys¬ 
tem  to  not  generate  expected  value.  And  an 
independent  auditor  is  important  because 
he’s  not  afraid  to  ask  tough  questions  and 
will  prevent  the  members  of  the  project  team 
who  are  involved  in  the  audit  from  softening 
any  findings. 

Time  It  Right 

When  to  conduct  an  audit,  just  as 
who  should  lead  it,  is  a  matter  of 
debate.  When  to  start  depends 
on  the  type  of  system  or  application 
deployed,  the  amount  of  time  it  will  take 
before  the  application  begins  generating 
some  results  or  data,  and  the  amount  of 
time  it  takes  staffers  to  get  acclimated  to 
the  new  system  and  new  processes.  Gen¬ 
erally  the  audit  should  take  place  well 
within  a  year  of  implementation. 

“When  we  started  the  audit  a  month 
after  the  implementation,  we  didn’t  have 


enough  data  to  see  if  the  system  was  suc¬ 
cessful  or  not,”  says  Michael  Baker  Corp.’s 
Higgins.  “It’s  really  important  to  make  sure 
the  system  is  up  and  running  long  enough 
to  have  enough  data  in  the  system  that  you 
can  analyze.” 

Ken  Cunneen,  IT  leader  for  technology 
and  integrated  supply  chain  systems  in  Hon¬ 
eywell  Aerospace’s  Aviation  Aftermarket 
Services  division,  says  if  a  company  imple¬ 
ments  a  financial  system  that  only  gives 


results  once  a  quarter,  the  audit  team  should 
wait  at  least  three  to  six  months  until  the 
system  has  generated  enough  data  before 
performing  a  PIA. 

On  the  other  hand,  the  sooner  you  start 
the  audit,  the  fresher  the  data  and  the  easier 
it  is  to  cull  lessons  learned.  Which  is  why 
PIAs  should  not  be  a  onetime  event,  says 
PWC’s  Christian. 

Sun  Life  Financial’s  project  office  begins 
PIAs  within  a  month  of  project  completion 


3)  Manipulate 


4)  Print 


ricoh.com/share 


www. cio.com  •  OCTOBER  1,  2003  CIO  79 


Post-Implementation  Audits 


Eight  Steps  for  a 
Successful  PIA 


ILong  before  the  post-implemen¬ 
tation  audit  (PIA)  begins,  write  up 
a  clear  business  case  that  delineates 
and  breaks  down  the  cost  of  the 
project,  the  soft  and  hard  benefits, 
the  expected  ROI,  and  when  the  ROI 
will  be  fully  achieved. 

2  Keep  scrupulous  records  of  all 

the  changes  that  are  made  to  the 
system  and  to  the  project  plan  during 
the  implementation.  A  Web-based 
version  control  or  collaboration  tool 
can  make  this  easier. 

3  Identify  the  members  of  the 

audit  team. 

4  Schedule  a  kick-off  PIA  meeting 
to  identify  all  the  logistics  that 
need  to  take  place  to  perform  the 
audit. 

5  Review  the  business  case,  the 

initial  scope  of  work  and  all  the 
change  orders.  Around  the  same  time, 
schedule  interviews  with  users  or 
send  out  satisfaction  surveys.  Also 
survey  implementation  team  mem¬ 
bers  to  find  out  how  well  they  think  the 
various  project  objectives  were  met. 
Test  the  system  and  its  controls. 
Examine  the  quality  of  the  data.  Take  a 
sample  of  the  transactions  to  make 
sure  they’re  being  processed  the  way 
they  should.  Engage  the  finance 
department  to  conduct  its  review  of 
the  system’s  payoff. 

6  Compare  audit  findings  with  the 
business  case  to  see  if  you  hit 
your  target. 

7  Gather  lessons  learned.  Identify 
what  went  well,  what  didn’t  and 
why.  Determine  how  you  can  address 
what  didn’t  go  well  in  future  imple¬ 
mentations. 

8  Perform  follow-up  reviews, 

if  necessary.  -M.L. 


to  do  a  postmortem  on  the  implementation 
process  and  to  get  feedback  from  users  to 
make  enhancements  to  the  system.  “When 
we  have  benefits  that  are  realized  over  a 
period  of  years  after  the  project  is  imple¬ 
mented,  we  do  follow-up  reviews,”  says  Sun 
Life  Financial’s  Esposito. 

Higgins  plans  to  take  that  iterative 
approach  with  Michael  Baker  Corp.’s  ERP 
implementation,  which  is  scheduled  to  be 
completed  by  the  end  of  this  year.  “We  will 
begin  to  audit  the  effectiveness  of  the  new 
system  within  a  couple  of  months  after  we 
finish  implementing  it,”  says  Higgins. 
“Then  we’ll  probably  start  to  look  at  the 
ROI  six  to  eight  months  after  we  go  live 
so  that  we  have  enough  data  to  perform  a 
good  analysis.” 

Maintain  Meticulous 
Documentation 

nother  key  to  successful  PIAs  is 
good  documentation,  which  takes 
many  forms.  It  includes  the  busi¬ 
ness  case  that  outlines  the  system’s  expected 
cost,  benefits  and  ROI;  the  project’s  time 
line,  including  key  metrics  and  milestones; 
a  breakdown  of  the  system’s  technical 
requirements;  a  record  of  the  security  and 
financial  controls  that  have  been  put  inside 
the  system;  and  a  compendium  of  all  the 
changes  that  have  been  made  to  the  system 
or  project  plan.  But  getting  good  docu¬ 
mentation  is  one  of  the  biggest  challenges 
CIOs  and  IT  departments  face  in  conduct¬ 
ing  PIAs,  particularly  if  they’re  doing  one 
for  the  first  time. 

Sharon  L.  Thompson,  director  of  IT 
audit  for  the  AARP,  says  that  if  an  auditor 
discovers  that  the  implementation  team 
does  not  have  a  thorough  business  case,  a 
detailed  project  time  line  or  meticulous 
records  of  changes  and  security  controls, 
the  auditor  should  note  that  discovery  in 
the  audit  report  and  include  a  recommen¬ 
dation  for  the  implementation  team  to  keep 
better  records. 

To  make  life  easier  for  himself  and  his 
post-implementation  auditors,  Higgins  uses 
a  Web-based  collaboration  tool  called 


MPOWR — developed  by  members  of  his  IT 
department  to  do  version  control  and  to 
archive  changes  made  to  the  project’s  scope, 
templates,  time  line  and  budget.  When  it 
comes  time  to  do  a  PIA,  Higgins  sends  the 
auditors  a  link  to  the  MPOWR  site  with  a 
user  name  and  password. 

Sun  Life  Financial’s  IT  project  office  also 
developed  a  project  portfolio  management 
system  in-house  that  the  project  manager 
uses  to  report  on  a  monthly  basis  changes 
to  a  project’s  cost,  milestones  and  schedule. 

Act  on  Lessons  Learned 

f  you  don’t  use  PIAs  to  identify  ways  to 
improve  project  management,  you’re  not 
realizing  their  full  value.  Sun  Life  Finan¬ 
cial’s  Esposito  says  project  team  members 
who  served  on  the  audit  and  implementa¬ 
tion  teams  hold  a  meeting  during  the  PIA 
process  to  discuss  what  went  well  and  what 
went  wrong  both  during  the  implementa¬ 
tion  and  the  audit,  and  to  identify  areas  for 
improvement. 

To  ensure  that  people  take  these  lessons 
to  heart,  Sun  Life  Financial  posts  them  on 
the  corporate  intranet  and  submits  to  senior 
management  a  summary  of  findings  from 
PIAs  of  all  projects  done  during  the  course 
of  the  year.  Esposito  also  makes  changes  to 
project  management  and  implementation 
processes  if  a  project’s  PIA  indicates  that 
changes  are  warranted. 

Sun  Life  Financial  annually  reviews  the 
audits  of  different  projects  to  identify  com¬ 
mon  areas  that  need  improvement.  Gart¬ 
ner’s  Gomolski  says  it’s  important  to  do 
this  type  of  project-to-project  comparison. 
“The  real  value,”  she  says,  “is  in  seeing 


Learn  More  About  PIAs 


Looking  for  the  backup  to  prove  IT  value? 

Look  online  for  NAILING  THE  POST-IMPLE¬ 
MENTATION  AUDIT,  which  includes  a: 

•  BUSINESS  CASE  PROCESS  with  flow  charts 

•  PIA  SCORECARD  for  planning 

•  PIA  SUMMARY  of  major  steps 

Plus  additional  resources:  "How  to  Select  the 
Right  Project  for  Your  First  PIA"  and  "Doing  It 
Right:  Questions  to  Ask  During  an  Audit."  Find 
it  all  on  the  online  version  of  this  article  or  at 
www.cio.com/printlinks 

cio.com 


80  CIO  OCTOBER  1,  2003  •  www.cio.com 


“If  you  have  the  project’s  objectives, 
approach,  how  the  business  areas  are 
involved  in  the  project,  the  expected  costs, 
and  the  anticipated  benefits  well-defined 
up  front,  then  when  you  come  in  to  do  the 
post-project  audit,  there  are  no  surprises.” 

-Ed  Esposito,  director  of  Sun  Life  Financial's  IT  project  office 


some  of  the  patterns.  For  example,  ‘We 
screw  up  every  time  we  do  an  integration 
project.  What  does  that  mean?’  Or,  ‘Every 
time  we  do  a  project  with  this  business 
unit,  we  suffer  from  amazing  scope  creep 
because  they  don’t  really  know  what  they 
want,  so  maybe  we  have  to  work  with 
them  differently.’” 

Sustain  the  Momentum 

ow  that  you’re  armed  with  con¬ 
vincing  arguments  on  the  impor¬ 
tance  of  PIAs  and  success  factors 
for  pulling  them  off,  making  them  a  sus¬ 
tained  practice  in  your  organization  should 
look  less  daunting. 

“If  you  have  the  project’s  objectives, 
approach,  how  it’s  going  to  be  organized, 
how  the  business  areas  are  involved  in  the 
project,  the  expected  costs,  and  the  antici¬ 
pated  hard  and  soft  benefits  well-defined 
up  front,  and  you  manage  change  along  the 


way,  then  when  you  come  in  to  do  the 
post-project  audit,  there  are  no  surprises,” 
says  Esposito. 

Not  only  do  PIAs  go  smoother  when 
you’ve  done  all  the  hard  work  on  the  front 
end,  but  you  increase  your  odds  of  actualiz¬ 
ing  the  system’s  value.  “By  getting  a  better 


understanding  of  project  costs  up  front,” 
says  Higgins,  “you’ll  be  more  likely  to  hit 
the  ROI  you’re  trying  to  meet.”  BE] 


Are  you  afraid  of  post-implementation  audits?  Tell 
Senior  Writer  Meridith  Levinson  via  e-mail  at 
mlevinson@cio.com. 


5)  Scream 


With  Ricoh's  imaging  solutions  on  your 
network  you  can  share  and  manage  ideas 
every  step  of  the  way. 

How  well  do  you  share? 


KDiiKT 

Image  Communication 


Go  to  ricoh.com/share  to  see  how  Aficio*  digital  office  equipment  can  help 


you. 


www.cio.com  •  OCTOBER  1,  2003  CIO  81 


IBM,  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  iPod™  image  courtesy  of  Apple  Computer,  Inc.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp.  All  rights  reserved. 


Music  on  demand.  More  and  more  people  have  moved  from  buying 
CDs  to  downloading  the  songs  they  want  to  hear,  when  they  want  them. 
On  demand  is  changing  the  way  consumers  —  and  entire  industries  —  act. 


1993  One  guy  in  Omaha  downloads  “Swanee  River.” 
1999  Digitized  music  +  Internet  =  Napster.  Industry  roiled. 
2003  Millions  download  music,  paying  99  cents  a  song. 


The  iPod™:  New  technology 
and  new  business  model  meet 


A  guide  to  the  on  demand  world:  The  big  picture 


Yes,  I’m  sure  on  demand  is 
very,  very,  very,  very  important. 

What  is  it  again? 

It’s  an  on  demand  world.  When  did  it  happen?  Who  pushed  the  “on”  button 
in  on  demand?  Did  we  just  wake  up  one  morning  to  an  on  demand  world? 


It’s  been  coming  for  some  time.  Business  and  technology  continue  to  merge.  E-business 
keeps  driving  ever  higher  levels  of  customer  expectations  and  cutting-edge  delivery  on  those 
expectations.  Pressure  to  deliver  instantly  is  reaching  a  critical  mass  in  most  industries,  a 
tipping  point,  where  on  demand  becomes  the  norm. 

What  is  on  demand?  To  a  consumer,  it  means  you  can  buy  a  song  online  in  the  middle  of  the 
night.  Rent  a  video  right  on  your  TV  set.  Get  what  you  want,  when  you  want  it.  For  companies, 
it  means  your  processes  are  integrated  —  not  just  internally,  but  with  partners,  vendors, 
suppliers,  and  of  course,  customers.  So  when  opportunity  knocks,  you  can  answer. 


The  more  often  people  get  things  on  demand  (whether  it’s  music  and  videos  or  cars  and 
retirement  plans),  the  more  they  expect  that  capability  from  you.  Or  your  competitor.  It’s 
one  big  connected  world,  driven  by  demand.  Are  you  ready  for  it? 


Can  you  see  it?  It’s  an  on  demand  world.  A  world  where  the 
line  between  business  and  technology  is  fast  disappearing.  IBM 
is  uniquely  positioned  to  help  you  get  there,  with  everything  from 
high-level  business  model  analysis  to  deep  industry  knowledge 
to  implementation  capabilities.  So  you  can  act  —  and  react  —  fast. 
On  demand  business.  Get  there  with  (©business  on  demand™ 


ibm.com/ondemand 


Farmers  Insurance 


CIO  Jan  Franklin 


schedules  time  in  her 
day  to  walk  the  floor 
because  she  realizes 
it’s  the  best  way  to 
connect  with 
employees. 


PHOTO  BY  DANNY  TURNER 


Leadership 


Just  when  she  thought  she  knew  everything ,  this  IT  veteran  spent 
some  time  on  the  business  side.  What  she  learned  there  prepared 
her  to  take  over  as  Farmers ’  CIO  when  opportunity  knocked. 

BY  ALICE  DRAGOON 


JAN  FRANKLIN  WAS  17  WHEN  SHE  LANDED  HER  FIRST  JOB  AT  FARMERS  INSURANCE  AS  A  KEYPUNCH  OPERATOR 

on  the  4  p.m.  to  midnight  shift.  Within  two  years,  the  driven  college  student  got  herself  promoted  to 
a  programming  job,  launching  her  steady  ascent  up  the  IT  ranks.  Fast-forward  to  2001,  and  Franklin 
had  become  vice  president  of  IT  applications  and  development,  overseeing  a  $300  million  budget  as 
IT  chief  operating  officer.  At  that  point,  she  knew  pretty  much  everything 
there  was  to  know  about  IT  at  Farmers,  having  done  most  of  it  herself. 

But  Franklin  had  the  good  sense  to  know  what  she  lacked:  direct 
business  experience.  So  she  ventured  outside  the  realm  of  IT  to  ask  then 
Executive  Vice  President  of  Property  and  Casualty  Stephen  Leaman  to 
be  her  mentor.  When  he  suggested  a  tour  of  duty  on  the  front  lines  of  the 
business  to  round  out  her  experience,  she  readily  agreed.  So  Leaman 
put  a  bug  in  CEO  Martin  Feinstein’s  ear.  Having  served  as  CIO  himself 


Reader  ROI 

►  How  time  on  the  business 
side  can  benefit  you 

►  Recognize  the  value  of 
listening  to  your  users 

►  Realize  the  importance  of 
looking  beyond  metrics 


www.cio.com  •  OCTOBER  1,  2003  CIO  85 


Leadership 


in  the  early  ’90s,  Feinstein  understood  that 
letting  Franklin  broaden  her  horizons  would 
make  her  a  more  valuable  employee — and 
knew  that  IT  would  benefit  from  having  a 
scout  on  the  business  side.  Franklin  would 
be  able  to  identify  opportunities  to  apply  IT 
strategically  and  get  a  chance  to  view  IT 
from  a  user’s  viewpoint.  When  the  business- 
side  position  of  executive  director  of  the  Los 
Angeles  Service  Center  (LASC)  became 
available  in  September  2001,  Leaman  called 
Franklin  in  London,  where  she  was  cele¬ 
brating  her  10th  wedding  anniversary.  Was 
she  interested?  Absolutely.  Three  weeks  later 
she  found  herself  heading  up  one  of  Farm¬ 
ers’  largest  service  centers — leading  a  staff 
of  550  who  do  underwriting  and  provide 
administrative  support  for  up  to  5,000 
agents  who  sell  Farmers  insurance. 

The  lessons  Franklin  would  learn  in  the 
trenches  not  only  made  her  a  more  savvy 
businesswoman  but  also  gave  her  an  appre¬ 
ciation  for  how  customers  of  IT  really  use 
technology.  Those  lessons  serve  her  well 
today  because,  as  fate  would  have  it,  the 
CIO  spot  did  open  up  in  March  2003,  when 
Cecilia  Claudio  left  to  head  up  IT  for 
Europe,  Asia  and  Africa  for  Farmers’  par¬ 
ent  company,  Zurich  Financial  Services.  And 
when  Franklin  got  tapped  to  fill  it,  she  was 


more  than  ready.  Here  she  shares  four  les¬ 
sons  that  she  learned  on  the  other  side  of 
the  fence. 


Take  the  Time 
to  Walk  the  Floor 
and  Listen 


FRANKLIN  WAS  ALWAYS  KNOWN  AS  A 

no-nonsense,  bottom-line  manager  with  lit¬ 
tle  patience  for  office  politics  or  excuses — 
and  often  little  patience  for  listening.  She 
had  so  much  experience  that  she  could  act 
quickly  and  decisively.  Markus  Nordlin,  vice 
president  of  IT  strategic  projects,  recalls  that 
after  a  short  time  of  listening  to  a  problem, 
she’d  say,  “You  guys  are  idiots.  This  is  the 
way  it’s  going  to  be.”  While  she  always  did 
this  with  her  tongue  planted  firmly  in  cheek, 
says  Nordlin,  her  good-natured  conversation¬ 
stopping  technique  did  have  the  desired 
effect  of,  well,  stopping  conversations. 

But  when  Franklin  got  to  LASC,  she  had 
no  choice  but  to  learn.  She  was  charged  with 
supporting  the  agents,  with  whom  she  had 
not  worked  directly  and  over  whom  she  had 
minimal  control  since  they  weren’t  on  the 
payroll.  In  Franklin’s  second  week  on  the 
job,  she  realized  she  had  to  get  herself  up  to 


The  Softer  Side  of  Jan  Franklin 

A  stint  on  the  business  side  taught  Farmers’  CIO  about 
the  importance  of  building  relationships 


WHEN  JAN  FRANKLIN  got  called  back  to  the  home  office  to  become  CIO  of  Farmers 
Insurance  (as  well  as  the  local  CIO  for  the  North  American  consumer  business 
of  Farmers’  parent  company,  Zurich  Financial  Services),  her  direct  reports  at  the 
Los  Angeles  Service  Center  (LASC)  made  up  “I  Survived  Jan”  T-shirts,  But  they  also 
gave  her  roses  and  attached  a  lesson  she'd  taught  them  to  each  flower.  "She  was  the 
hardest  person  I  ever  worked  for,”  says  Mary  Monesi,  accounting  manager  at  LASC. 
"But  she  taught  us.  She  made  us  look  for  results.”  Franklin  carves  out  time  to  mentor 
her  employees,  holding  regular  leadership  meetings  to  discuss  the  latest 
management  theory  or  walk  through  a  financial  statement.  Attendance  is  optional, 
but  the  meetings  are  always  packed.  Morale  is  also  important  to  Franklin,  who 
gamely  sat  in  the  dunking  booth  at  a  carnival  she  organized  for  agents  and  threw  an 
employee  appreciation  picnic  for  500  in  the  LASC  parking  lot.  Monesi  says  of 
working  for  Franklin:  “She  made  me  a  better  person.”  -A.D, 


speed,  so  she  set  aside  every  Friday  to  meet 
with  at  least  two  district  managers  and  as 
many  agents  as  she  could.  “I  was  right  in 
front  of  agents  to  hear  what  they  thought 
of  our  systems,  of  the  products  we  produce, 
and  what  their  issues  and  concerns  were.” 
And  soon,  the  listening  paid  off:  Agents 
started  calling  to  let  her  know  that  certain 
processes  were  not  working  properly  or  to 
ask  her  to  do  something  about  a  form,  for 
example,  that  had  been  typed  in  1972  and 
was  still  being  photocopied  and  sent  to 
clients  with  handwritten  annotations.  Talk¬ 
ing  directly  to  agents  “helped  me  in  running 
the  service  center,”  she  says.  “It  also  helped 
me  understand  how  building  these  relation¬ 
ships  was  something  I  should  continue  to 
do  wherever  I  was.” 

Franklin  learned  so  much  on  her  Friday 
road  trips  that  she  suddenly  understood  the 
value  of  talking  to  the  people  on  the  front 
lines.  “It  was  a  shock  to  me  how  much  [my 
job  at  LASC]  was  relationship-building  as 
opposed  to  just  fixing  bugs,”  she  says.  Now 
that  she’s  CIO,  Franklin  schedules  time  to 
walk  the  floor  because  she  realizes  it’s  the 
best  way  to  connect  with  employees. 

Getting  the  IT  staffers  in  the  habit  of  reg¬ 
ularly  listening  to  their  business  counterparts 
is  also  a  new  priority  for  Franklin.  Instead  of 
focusing  just  on  IT’s  two  primary  customers 
(the  heads  of  personal  and  commercial 
lines),  Franklin  and  her  IT  team  created  a 
relationship  manager  program.  She  assigned 
one  of  her  staff  to  most  of  IT’s  30  key  busi¬ 
ness  partners  and  brought  in  trainers  to 
build  their  consulting  skills.  Relationship 
managers  meet  monthly  with  their  business 
partners  to  discuss  business  issues  and 
opportunities  to  apply  IT.  With  this  program 
in  place,  the  business  managers  now  have 
an  easy  way  of  communicating  with  IT  and 
getting  what  they  need. 

Franklin  and  her  team  also  developed  a 
solution  provider  program,  whereby  IT 
staffers  with  advanced  skills  are  assigned  to 
help  business  units  address  specific  needs.  If 
a  relationship  manager  sees  an  opportunity 
to  use  IT  strategically  (say,  to  streamline 
accounting  reports),  a  solution  provider 


86  CIO  OCTOBER  1,  2003  •  www.cio.com 


"iniMtfllipyiyi 


f  1  - 

Lv | 

*  | 

**rr  'a 

i  2J 

-  /  r 

yj 

'  rH 

\  /  aJI 

1  W 

srii 

■it# 

We  see  management 
a  little  differently 
from  the  other  guys. 


At  NetlQ,  we  don't  see  a  problem.  Only  solutions. 
Managing  your  Windows  server  environment  is  easier 
than  ever  with  Microsoft  Operations  Manager.  And, 
as  a  key  Microsoft  partner,  NetlQ  extends  Microsoft 
Operations  Manager  to  manage  and  secure  your 
entire  enterprise,  whether  you're  driving  UNIX, 
NetWare,  Linux,  Windows.. .or  all  of  them.  NetlQ. 
We're  the  management  people.  And  nobody  does 
management  smarter.  Nobody. 


w 


CIO  eBook!  Get  your  free  copy  of  From  Chaos  to  Control: 
The  CIO's  Executive  Guide  to  Managing  and  Securing 
the  Enterprise,  www.netiq.com/manageability, 


0. 

net©. 

Work  Smarter* 


©Copyright  2003  NetlQ  Corporation.  All  rights  reserved. NetlQ  and  the  NetlQ  logo  are  registered  trademarks  of  the  NetlQ  Corporation. 
All  other  names  and  products  mentioned  herein  may  be  the  registered  trademarks  of  their  respective  companies. 


Leadership 


team  is  called  in  to  help.  Team  members 
work  on  the  project  on  their  own  time  but 
get  an  opportunity  to  develop  their  skill  sets. 
And  IT  benefits  by  building  a  more  experi¬ 
enced  staff  (and  by  not  having  to  shell  out 
money  for  outside  consultants). 


Lessor 


IT  Metrics 
Can  Help  the 
Business  Too 


AS  AN  I.T.  VETERAN,  FRANKLIN  THINKS 

in  terms  of  metrics,  process,  discipline.  But 
at  LASC,  she  found  “less  rigor,  not  a  lot  of 
metrics  or  process  documentation.  It  was  all 
in  people’s  heads.  It  was  a  culture  shock.”  In 
fact,  when  she  first  walked  into  the  Simi  Val¬ 


seven  days.  “It  took  us  six  months  to  get 
relatively  accurate  with  it,”  she  says.  “But 
even  just  by  starting  to  measure,  there  were 
improvements.”  Under  Franklin’s  watch, 
service  levels  improved  more  than  20  per¬ 
cent.  “It  was  just  rigor,”  she  says.  “Me  tak¬ 
ing  what  we  typically  do  in  IT — process, 
metrics,  discipline,  rigor — and  applying 
exactly  the  same  things.” 

For  an  IT  pro  like  Franklin,  automating 
the  LASC  was  a  bit  like  Tiger  Woods  play¬ 
ing  a  round  of  miniature  golf.  Franklin 
managed  to  reduce  costs  by  more  than 
10  percent  overall  by  implementing  an  elec¬ 
tronic  fax  management  system,  loading 
paper  commission  reports  into  Excel,  imag¬ 
ing  paper  files,  investing  in  PCs  and  sending 
e-mail  bulletins  instead  of  paper  flyers  to 


“In  the  service  center,  you  see 
the  impact  of  the  IT  error.  That 
wasthebig'aha.’” 


ley  service  center,  she  might  have  been  step¬ 
ping  back  in  time.  A  vast  sea  of  decades-old 
Steelcase  desks  awash  in  paper  stretched  out 
over  four  floors,  each  the  size  of  a  football 
field,  and  green-screen  terminals  topped 
most  of  the  desks.  Most  processes  were 
paper-based  and  hadn’t  changed  in  20  years; 
hardly  anyone  used  e-mail.  Franklin  quickly 
realized  she  had  a  rare  opportunity  to  cut 
costs  and  improve  efficiency  dramatically  by 
eliminating  or  automating  non-value-added 
tasks.  She  simply  needed  to  introduce  the 
rigor  and  metrics  of  IT  along  with  some 
basic,  low-cost  technology. 

A  math  major  in  college  and  a  self-pro¬ 
fessed  metrics  manic,  Franklin  worked  with 
the  LASC  staff  to  figure  out  what  to  meas¬ 
ure.  While  the  concept  of  measuring  took 
some  getting  used  to  for  some  employees, 
they  came  up  with  specific  goals,  such  as  to 
answer  80  percent  of  calls  within  20  sec¬ 
onds  and  get  90  percent  of  the  work  out  in 


-Jan  Franklin,  CIO,  Farmers  Insurance 


the  agents.  Factoring  in  savings  by  consol¬ 
idating  accounting  and  commercial-loss- 
control  staff  for  all  of  California  into 
LASC,  she  saved  a  total  of  $3.3  million 
during  her  tenure. 


Metrics  Don't 
Always  Tell  the 
Whole  Story 


WHILE  METRICS  YIELDED  IMPRESSIVE 

results  at  LASC,  Franklin  also  realized  that 
they  don’t  always  tell  the  whole  story.  Her 
tenure  on  the  business  side  gave  her  an 
opportunity  to  feel  the  pain  of  a  system  hic¬ 
cup  in  real  life.  “When  you  sit  here  in  IT 
and  an  error  occurs,  you  say,  well,  that 
error  affected  5,000  out  of  the  million  or 
so  transactions  we  processed  yesterday.  Big 
deal.  It’s  less  than  half  a  percent,”  she  says. 
“In  the  service  center,  you  see  the  impact  of 


the  error,  how  they  have  to  deal  with  cus¬ 
tomers  and  do  rework  to  fix  it.  That  was 
the  big  ‘aha.’”  But  because  some  mistakes 
are  inevitable,  she’s  instituted  clean-up 
processes  to  mitigate  the  impact  to  the  serv¬ 
ice  centers.  This  fact  hasn’t  escaped  the 
CEO’s  notice.  “Jan  is  much  more  sensitive 
when  something  goes  bump  in  the  night 
than  she  might  have  been  previously 
because  she  had  to  experience  the  other  end 
of  it,”  says  Feinstein.  “She  knows  what  it 
does  to  the  business.” 

Franklin’s  firsthand  experience  also  gives 
her  a  better  sense  of  how  agents  will 
respond  to  the  eAgent  portal  that  IT 
recently  rolled  out — and  helps  her  put  the 
systems’  metrics  in  context  for  her  staff. 
Whereas  she  might  once  have  overestimated 
the  importance  of  a  metric,  such  as 
average  transaction  time,  to  gauge  a 
system’s  success,  she  now  knows  to 
delve  deeper.  “You  guys  don’t  get  it,” 
she’ll  say  to  her  staff.  “Average  trans¬ 
actions  aren’t  what  agents  are  feel¬ 
ing.  I  was  in  an  agent’s  office,  and  it 
took  over  a  minute  for  that  transac¬ 
tion  to  complete.  It’s  just  too  slow 
out  there,  and  they’re  not  going  to 
use  it.”  If  agents  revert  to  their  green-screen 
terminals  instead  of  using  the  portal,  they 
won’t  get  real-time  alerts  when  customers 
are  about  to  cancel  or  haven’t  made  their 
payments.  And  all  the  work  that  IT  put  into 
developing  the  system  won’t  matter. 


Coaches  Get 
Better  Results  Than 
Drill  Sergeants 


FRANKLIN’S  COMMAND-AND-CONTROL 

management  style  had  always  served  her 
well  in  IT.  And  when  she  got  to  LASC,  she 
soon  had  reason  to  apply  it.  Within  a 
month  of  her  arrival,  Franklin  was  hearing 
repeated  complaints  from  agents  about  one 
of  her  functional  areas.  Calls  weren’t  being 
answered  promptly,  documents  weren’t  get¬ 
ting  out  on  time,  forms  were  lost,  and 
claims  were  mispaid.  Franklin  attacked  the 


88  CIO  OCTOBER  1,  2003  •  www.cio.com 


OW  MlLEAuC, 

XEO  &  TESTED 


1 


The  Course  Runs  Front 

27th  OCTOBER  -  14TH  DECEMBER 


i 


CONT^T  nrprftn*  --  ' 


1 


•9 


Call  Steve 
on  Ext  921 


Activity  Schedule  June  1st  -  September  30tl 


1  E 1 


••  O 

nMemDersntp  F 


Rates: 


«...  piuj 

"*?*•**  Oms 


***  Swetete  C*y 
**»'^We  end  ef  Juiy 


'It  VT  FOR  RENT 


J)f£uM  Kit  fix  SAL£ 


Annual  Subscription: 
Subscription  paid  Monthly: 
Joining  Fee: 

Guest  Fee: 

Members  may  bring  the  same  guest  i 

Opening  Times: 


Monday  to  Friday: 
Saturday  and  Sunday: 


CALL  dCAJMy  EXT  2.6| 


Members  are  entitled  to  unlimited  use  ot  ~ 
services  and  specialist  courses.  Facititie 


Tcl:  0SI(ZO35ra^ 

tea:  0W3| 9^414 

031 A03  8126 

^-mat4  :  J«Arttj(S>. in|erro . oom. 


°dda  R. 

Commends 

Minerva  Clea^r- 


f or  the 


“Kofyouruur 


KrdrcK>m  flat 

fi2£*** 

hare# 

r^rtv  aho  hpgju 


R/41 


^•^onandtht^ 
^^ybecare 


ec  u  'Up  ®  °— 
8<F+l-'.  B.rvte> 

Ne*'°cMon_,W 

30 


TCAHUra  vki 


^INERV/a 


e-'ce 


There  are  already  successful  multi-channel 
integration  systems  at  work  in  your  organization. 


With  all  these  points  of  contact,  this  employee  has  increased  her  chances  of  making  a  sale.  It  may  seem  basic,  but  that’s  where  a  decent 
CRM  Programme  starts  -  maximising  your  client  contact  channels.  BT  offers  a  range  of  innovative  CRM  solutions  such  as  outsourced 
contact  centres,  making  sure  that  the  right  information  reaches  the  right  person  at  the  right  time  -  bringing  together  all  your 
customer  information  in  harmony.  Because  we  all  know  that  in  business,  communication  is  everything.  To  find  out  how  your  business 
communications  could  run  like  your  human  communications,  contact  us  on  1-888-331  4568  or  www.bt.com/globalservices 


www.bt.com/globalservices 


BT  V 


/ 


/ 


c.nLirf 


m"«  'op-.n0 

tK*1— 

ifflffiSS!** 


isiiii#;® 


Global  Business  and  IT  Consultants 
ams.com/results 


problem  with  her  tried-and-true  militaristic 
approach.  “I  sat  down  with  staff  members 
and  said  we  would  have  it  fixed  by  this 
date,  come  hell  or  high  water,”  she  recalls. 
Within  three  months,  they’d  addressed 
many  of  the  service  problems,  but  a  staff 
survey  also  revealed  that  morale  was  horri¬ 
ble.  Franklin  realized  that  to  sustain  the 
improvements  and  to  make  further 
progress,  she’d  need  to  shift  to  a  participa¬ 
tive  management  style.  So  she  gathered  the 
troops  and  explained  why  she  handled  the 
problem  the  way  she  did:  She’d  wanted  to 


Leadership 

say  she’s  a  better  listener.  “Before,  she’d  just 
cut  you  off,  saying,  ‘You  don’t  get  what  I 
mean.’  Now  she’ll  listen  to  you  go  through 
your  little  diatribe  of  why  things  are  the  way 
they  are,”  says  James  Fridenberg,  vice  pres¬ 
ident  of  IT  applications  and  development. 

Recalling  Franklin’s  pre-LASC  days, 
Nordlin  says,  “when  a  situation  would  arise, 
Jan  would  listen  real  quick  to  understand  it, 
make  a  decision,  and  off  she’d  go.  She  was 
comfortable  doing  that  and  generally  was 
right.”  But  given  the  same  circumstance 
today,  “she  is  much  more  likely  to  call  in 


“Now  Jan  is  much  more 
likely  to  consider 
individuals’  input  before 
making  a  decision.” 

-Markus  Nordlin,  VP  of  IT,  Farmers  Insurance 


At  AMS,  we  know  a  lot  about  technology. 
Even  better,  we  know  a  lot  about  the 
businesses  we  work  with.  For  more  than 
30  years  we've  helped  government 
agencies,  telecommunications  firms, 
and  financial  services  firms  achieve 


turn  the  organization  around  quickly.  The 
staff  then  told  her  it  would  have  been  easier 
to  take  if  she’d  explained  what  she  was 
doing  up  front.  Franklin  got  the  message 
and  switched  into  collaborative  gear,  put¬ 
ting  the  ball  in  their  court  to  suggest  and 
sustain  further  improvements.  Employee 
morale  improved,  says  Franklin,  and  in  a 
survey  of  agents  some  six  months  later,  this 
functional  area  was  rated  one  of  the  better 
groups  at  LASC. 

These  days,  Franklin  rarely  calls  on  her 
command-and-control  tactics.  Her  reports 
say  that  her  style  is  collaborative,  and  she’s 
more  likely  to  coach  than  dictate.  They  also 


Learn  More  About  Leadership 


Jan  Franklin's  school  of  hard  knocks  is  one  way  to 
cut  your  leadership  teeth.  Another  is  to  check  out  our 

LEADERSHIP  &  MANAGEMENT  RESEARCH  CENTER 

for  the  latest  survey  information  and  related  features 
from  CIO  and  its  partners.  Gotowww.cio.com/ 
leadership. 


cio.com 


the  various  parties,  hear  various  sides  of  the 
story,  and  consider  individuals’  input  before 
making  a  decision.” 

From  Feinstein’s  point  of  view,  Franklin’s 
stint  on  the  front  lines  allows  her  to  bring 
more  value  to  the  table  as  a  senior  execu¬ 
tive  at  Farmers.  “Jan  can  now  provide 
greater  insight  and  advice  as  to  where  we 
should  focus  our  attention,”  he  says.  “She 
has  the  ability  to  step  back  and  say,  ‘Let  me 
share  with  you  where  you’re  going  to  get 
the  advantage.’  I  think  that’s  something  she’s 
been  able  to  learn  as  a  result  of  being  on 
both  sides.” 

Now  that  she’s  on  the  IT  side  of  the  fence, 
it’s  a  standing  joke  with  her  staff  that  she’s 
no  longer  allowed  to  say,  “When  I  was  in 
the  service  center....”  But,  of  course,  Franklin 
does  regularly  draw  on  those  experiences, 
and  she’s  a  better  CIO  for  it.  BH 


Senior  Editor  Alice  Dragoon  can  be  reached  at 
adragoon@cio.  com . 


high-performance  results.  How?  Not  by 
acting  like  someone  in  our  industry,  but 


www.cio.com  •  OCTOBER  1,  2003  CIO  91 


Sound  Off 

Taking  Sides  on  Critical  IT  Issues 


Should 

Software 

Vulnerabilities 

Be  Posted 
Online? 

JEFF  JONES,  SENIOR  DIRECTOR  of  Microsoft’s  Trustworthy  Com¬ 
puting  security  initiative,  was  quoted  in  late  July  in  an  Associ¬ 
ated  Press  article  making  a  statement  that  seems  at  first  to  be 
the  understatement  of  the  year.  Referring  to  the  online  publi¬ 
cation  of  code  that  could  help  hackers  take  advantage  of  a 
recently  discovered  flaw  in  most  versions  of  Windows  operat¬ 
ing  systems,  Jones  said,  “We  continue  to  believe  that  publica¬ 
tion  of  exploit  code  in  cases  like  this  is  not  good  for  customers.” 

Jones’s  conviction  that  giving  hackers  the  key  to  the  castle 
was  not  good  for  those  of  us  who  live  inside  the  castle  seemed, 
to  most  readers,  to  be  a  statement  of  the  obvious.  The  strange 
thing  is,  the  obvious  isn’t  so  obvious  to  security  experts.  A  great 
many  security  experts  think  the  best  way  to  make  sure  that 
security  holes  are  plugged  as  quickly  as  possible  is  to  get  as 
much  information  as  possible  to  the  greatest  number  of  people 
as  quickly  as  possible.  In  other  words,  if  more  people  are  famil¬ 
iar  with  the  problem,  then  more  people  will  work  on  finding  a 
solution.  In  the  meantime,  of  course,  posting  that  information 
is  the  equivalent  of  serving  up  a  bomb  for  any  company  that 
has  not  yet  installed  the  appropriate  patches. 

92  CIO  OCTOBER  1,  2003  •  www.cio.com 


In  July,  several  websites,  following  the  lead  of  a  “security 
research  group”  based  in  China,  published  the  program  that 
could  allow  hackers  to  gain  control  of  a  Windows  operating 
system  by  entering  the  system  through  a  hole  in  the  Distributed 
Component  Object  Model  Interface.  Malicious  hackers  could 
put  that  knowledge  to  work  creating  mass-mailer  worms  that 
move  from  one  computer  to  the  next,  leaving  havoc  in  their 
wake.  And  while  none  of  the  code  was  published  until  nine 
days  after  Microsoft  had  announced  the  flaw  and  offered  a 
patch,  the  publication  ratcheted  up  the  risk  for  those  systems 
that  had  not  installed  the  patch.  On  the  other  hand,  its  publi¬ 
cation,  and  consequent  publications  (such  as  this  one)  about  its 
publication,  helped  to  warn  of  what  some  experts  have  called 
the  worst  Windows  security  hole  in  history. 

The  debate  about  whether  to  publish  exploit  code  is  clearly 
illustrated  by  the  public  response  to  this  most  recent  episode.  In 


ILLUSTRATION  BY  JOHN  UELAND 


WHAT  IS  THE 


pffshore 

Outsourcing 

r YOU  NEED  TO  GET  SMART  FAST 


Which  countries  should  you  consider?  What  is  the  best  way  to 
get  in— and  out  of— a  deal?  Should  you  work  with  an  offshore 
broker?  How  can  you  effectively  work  with  foreign  agents 
and  limit  political  risks?  Turn  to  the  CIO  FOCUS™  on  OFF¬ 
SHORE  OUTSOURCING:  NAVIGATING  THE  OPPORTUNI¬ 
TIES  AND  RISKS— actionable  information  created,  filtered  and 
packaged  by  the  award-winning  editors  of  CIO  magazine. 

CIO  FOCUS™  is  delivered  right  to  your  desktop  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours.  Available  now  at 
an  introductory  price. 


CIO  FOCUS™ 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Software  Vendor  Relationships: 
Selecting,  Vetting  and  Managing 
Partners 

The  Elite  CIO:  Principles 
and  Practices  of  Top-Tier 
IT  Leadership 


CIO  FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


The  Resource 
for  Information 
Executives 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE. 

www.TheCIOStore.com 


Sound  Off 


this  case,  as  in  many  cases,  the  first  group  to  publish  the  code 
was  not  the  group  that  discovered  the  flaw.  That  honor  goes  to 
a  group  of  Polish  experts  known  as  The  Last  Stage  of  Delirium 
Research  Group,  or  LSD,  which  found  the  flaw  more  than  a 
month  before  it  dutifully  sent  a  message  to  Microsoft,  which 
scrambled  to  create  a  patch.  As  it  happens,  LSD  was  not  always 
such  a  good  scout.  Last  April,  the  group  was  slammed  by  secu¬ 
rity  experts  after  it  released  exploit  code  for  a  devastating  Send- 
mail  flaw.  In  response,  LSD  issued  a  public  statement  asserting 
its  conviction  that  failure  to  publish  detailed  information  about 
security  flaws  could  be  more  damaging  than  publishing.  This 
time  around,  LSD  showed  the  kind  of  restraint  that  its  critics 
had  called  for.  The  result:  The  group  was  slammed  by  security 
experts  who  agree  with  LSD’s  public  statement. 

What  do  you  think?  Does  the  publication  of  exploit  code 
help  or  hinder  Internet  security? 

Sound  Off  is  a  weekly  column  about  current  IT-related 
issues.  Web  Editorial  Director  Art  Jahnke  (ajahnke@cio.com) 
always  welcomes  feedback. 

I  THINK  THIS  IS  THE  WRONG  QUESTION.  SHOULD  THERE  BE 

exploits  to  be  published  online?  is  a  better  question.  Just  take  a 
look  at  the  long  list  of  vulnerabilities  published  for  just  the  past 
few  days  on  sites  such  as  Symantec.  Nearly  every  major  vendor 
of  software  is  listed  for  some  problem.  Recently,  we  have  had 
major  busts  on  Microsoft  and  Cisco  IOS  that  have  kept  my 
folks  much  too  busy,  and  we  no  longer  seem  to  have  the  time  to 
test  patches  before  the  next  one  is  released.  How  about  a  new 
feature  in  the  feature-rich  software:  no  vulnerabilities! 

Gerald  McGowan 
Security  and  Privacy  Officer 
Monette  Information  Systems 


I  FEEL  THAT  THE  QUESTION  THIS  ARTICLE  ALLUDES  TO  IS  MOOT. 

Yes,  we  can  logically  support  that  it  is  unethical  to  post  “holey” 
code  before  giving  the  vendor  a  chance  to  fix  it,  but  honestly,  this 
is  a  reflection  of  the  world  we  live  in.  Get  used  to  it. 

I  also  sympathize  with  Gerald  McGowan  (previous  respon¬ 
der)  in  that  we  no  longer  have  time  to  test  before  implement¬ 
ing  fixes.  The  immediacy  of  patch  implementation  and  the 
frequency  with  which  they  are  delivered  are  overwhelming.  I 
applaud  Microsoft  and  others  for  building  very  complex, 
feature-rich  OSs  and  apps,  but  I  lament  the  fact  that  I  need  to 
“manage”  security  patch  updates  weekly  across  the  enterprise 

as  part  of  my  scheduled  tasks. 

Posting  “at  risk”  code  prior  to 
notifying  the  vendor  is  selfish,  short¬ 
sighted  and  malicious.  People  who 
do  so  should  be  penalized.  Hackers 
don’t  think  ahead  to  recognize  the 


Share  Your  Opinion 


Want  to  SOUND  OFF  on  this  or  other 
topics?  Join  the  ongoing  debates  at 

www.cio.com/soundoff 

cio.com 


billions  of  people  whose  lives  are  damaged  by  each  attack.  Their 
limited  vision  provides  them  only  with  glimpses  of  short-term 
authority  absent  long-term  responsibility  and  consequences. 

We  as  IT  must  maintain  vigilance  on  all  fronts.  We  owe  it  to 
our  organizations,  families  and  coworkers. 

The  question  is  no  longer  should  buggy  code  be  posted  for 
all  to  exploit,  but  how  do  we  defend  against  the  inevitable? 

James  A.  Taylor 
CEO 

AlCompany.  com 

WHILE  I  STRONGLY  AGREE  THAT  WE  HAVE  TO  ALERT  THE 

masses  that  a  danger  exists,  I  just  as  strongly  believe  that  pub¬ 
lishing  the  code  gives  even  the  most  novice  hacker  the  keys  to  the 
city.  That  places  many  more  systems  in  danger  than  is  necessary. 

Microsoft  isn’t  the  only  bad  guy  in  this  situation.  We  need  to 
take  some  of  the  blame  as  we  continually  want  bigger,  faster, 
more  fully  integrated  systems  that  will  work  with  anyone’s 
hardware  and  software  and  be  completely  secure. 

We  need  to  slow  down  on  our  requests  for  more  and  bigger, 
and  instead  require  more  secure.  If  we  stop  buying  more — and 
only  more  secure — it  will  get  their  attention. 

Robert  Graves 

Manager,  Network  Administration  and  Security 

HOW  THIS  THING  WITH  MICROSOFT  WORKS:  1.  THEY  DEVELOP 

software,  2.  They  sell  the  software  to  me.  3.  The  software  has 
lots  of  bugs  that  damage  my  business.  4.  They  then  demand 
that  I  pay  an  annual  maintenance  fee  to  fix  the  bugs  (MS- 
Technet  is  not  free).  5.  Instead  of  fixing  the  bugs,  they  develop 
a  new  version.  6.  Instead  of  giving  me  the  new  version,  they 
sell  it  to  me.  7.  I  notice  that  many  of  my  old  applications  no 
longer  work.  8.  I  have  to  buy  new  versions  of  the  languages 
(databases,  whatever)  needed  to  make  them  work.  And  guess 
what!  I  have  to  buy  all  of  this  from  Microsoft.  9. 1  then  have  to 
fund  the  reprogramming  and  testing  of  replacement  software 
(talk  about  a  lack  of  ROI  here!).  10.  Then  the  cycle  starts  over. 

Should  they  be  responsible  for  the  security  bugs?  They 
should  be  responsible  for  all  bugs.  But,  unfortunately,  our  lax 
government  is  not  willing  to  enforce  the  antitrust  acts  against 
a  monopolist. 

Jim  Smith 

Management  Consultant 

SUFFICIENT  INFORMATION  SHOULD  BE  PUBLISHED  TO  ALLOW 

users  to  determine  if  they  need  a  fix  or  patch,  but  not  enough 
information  to  give  anyone  enough  to  exploit  that  code. 

Robert  Firestone 

President 

Systems  Development  Enterprises 


9  4  CIO  OCTOBER  1,  2003 


www.cio.com 


THERE  MAY  BE  A 
BIGGER  INDEPENDENT 
INTEGRATION 

SOFTWARE  PROVIDER 

OUT  THERE 


SOMEWHERE 


BUT  UNTIL  SCIENTISTS 


MAKE  CONTACT,  WE  PROUDLY 
OFFER  THE  SERVICES  OF  THE 
EARTH’S  LARGEST. 

TIBCO  Software  has  made  real-time  business 
and  integration  a  reality  for  more  than  2,000 
leading  companies.  The  reasons?  Our  proven, 
comprehensive,  and  easily-deployed  solutions.  To  discover  why  TIBCO  continues 
to  be  chosen  over  all  the  integration  providers  out  there,  call  800-420-8450  or 
visit  www.tibco.com. 


ISTIBCO 


The  Power  of  Now™ 


From  the  Publisher 

gbeach@cio.com 


Beware  of  the 
Telephone 

I  RECENTLY  ATTENDED  a  presentation  by  Kevin  Mitnick,  the  infamous 
and  reformed  hacker  and  president  of  Defensive  Thinking,  a 
consulting  and  training  company  aimed  at  helping  clients  pre¬ 
vent  information  theft.  His  topic  was  social  engineering,  a  con¬ 
cept  focused  on  what  Mitnick  considers  to  be  the  weakest  link 
in  corporate  infrastructure  security — human  beings. 

According  to  Mitnick,  too  few  companies  have  stringent 
security  governance  policies  and  procedures  in  place.  Informa¬ 
tion  is  not  valued,  and  most  employees — besides  receiving 
e-mails  from  the  IT  department  about  this  virus  or  that — are 
clueless  as  to  the  real  threats  of  damaging  security  breaches. 

Most  employees  think  of  hacks  originating  via  a  computer. 
Wrong,  says  Mitnick.  He  points  the  most  damaging  finger  at 
the  telephone,  a  device  preferred  by  social  engineering  hacks  to 
extract  small  pieces  of  seemingly  useless  information  that  they 
can  then  piece  together  to  cause  catastrophic  security  breaches. 

Telephone-enabled  hacks  are  preferred  by  the  really  smart 
bad  guys  over  computer  hacks  because  there  is  less  of  an  audit 
trail.  Moreover,  telephone  break-ins  work  against  any  com¬ 
pany  regardless  of  its  tech  infrastructure. 

According  to  Mitnick,  social  engineering  hacks  target  four 
typical  categories  of  employees:  low  paid  employees  and  staff 
with  low  morale;  executive  gatekeepers;  remote  office  workers; 
and  new  hires.  To  prevent  security  breaches,  Mitnick  encour¬ 
ages  people  never  to  share  or  transmit  their  e-mail  or  network 


log-in  passwords.  He  recommends  companies  pay  particular 
attention  to  remote  workers  by  counseling  them  to  be  espe¬ 
cially  vigilant  in  protecting  remote  access  dial-in  data.  He 
advises  companies  to  put  generic  e-mail  addresses  on  their  web¬ 
sites  such  as  sales@cio.com  rather  than  revealing  the  real 
e-mail  addresses  of  real  employees  ( gbeach@cio.com ).  If  a 
sophisticated  hacker  can  easily  guess  your  company’s  e-mail 
nomenclature,  that  hacker  can  do  lots  of  damage  fast. 

Social  engineering  criminals  are  adept  at  surveillance  tech¬ 
niques,  and  they  are  also  experts  at  exploiting  human  trust. 
Plus,  they  are  avid  readers  of  IT  employment  ads  in  local  news¬ 
papers  or  sites  like  Monster.com — ads  that  often  provide  great 
detail  on  the  tech  infrastructure  in  place  at  their  intended  tar¬ 
get.  Paper  shredders,  too,  might  be  a  good  deterrent;  according 
to  Mitnick,  hackers  are  skilled  Dumpster  divers! 

Feeling  secure?  Several  months  back,  this  column  suggested 
the  formation  of  the  Security  Underwriters  Laboratories,  or 
SUL  (see  “Certify  Security,”  icww.cio.com/printlinks) ,  a  group 
that  would  focus  a  great  deal  of  energy  in  auditing  security 
governance  policies  and  procedures.  Too  many  companies  are 
penny-wise  and  pound-foolish  when  it  comes  to  addressing 
their  most  vulnerable  security  threat:  employees.  A  strong  SUL 
would  address  that  need.  Drop  me  a  note  with  thoughts  on 
how  collectively  we  can  get  the  SUL  started. 

As  Mitnick  is  fond  of  saying,  “There  is  no  patch  for  stupidity.” 


9  6 


CIO  OCTOBER  1,  2003 


www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


When  there  are  no  words, 

there  is  action. 


The  atrocities  committed  in  New  York,  Washington,  D.C.  and  Pennsylvania  have 
left  us  all  speechless  and  searching  our  souls.  Mothers  and  fathers,  friends  and  loved 
ones,  are  lost  under  mountains  of  concrete,  steel,  and  hatred.  As  the  dust  settles 
and  the  tears  flow,  United  Way  is  there,  lending  a  helping  hand  with  compassion 
in  action.  But  the  commitment  doesn’t  end  there.  Across  America,  1400  local 
United  Ways  are  helping  families  and  children  cope,  providing  counseling,  and 
promoting  tolerance  and  anti-violence  in  our  communities.  Please  join  the  cause. 

To  find  out  how  you  can  help  your  community  heal,  log  on  unitedway.org. 


Unibed  W^y 

The  Way  America  Cares. 
Community  by  Community.™ 


HIRING 


FIRING 


INSPIRING 


Hot 

Seat 


Inside 

MANAGEMENT 
REPORT  I  102 

The  Loyalty  Lag:  Ten  ways 
to  develop  the  truly  loyal 
employee 

LEADERSHIP  AGENDA  I  104 

By  Susan  H.  Cramm 

The  M.I.A.  CIO:  Five  ways 
to  regain  your  focus— 
and  retain  your  job 

Reader  Q&A 


How  comfortable  do  you 
find  the  hot  seat?  E-mail 
Leadership  and  Management 
Editor  Edward  Prewitt  at 
hotseat@cio.com. 


Secrets  to  Managing  Techies 

IT  employees  are  different .  Here's  how  to  lead  them . 

BY  MEGAN  SANTOSUS 


If  you  want  to  be  a  better  leader  of  your 
IT  staff,  then  it’s  best  not  to  rely  on  that 
staple  of  leadership  books,  the  profiles 
of  military  leaders  such  as  Attila  the 
Hun,  George  Patton  or  Colin  Powell. 
IT  employees  don’t  respond  well  to  a 
leadership  style  based  on  power  and  con¬ 
trol.  That’s  because  IT  work — program¬ 
ming,  systems  analysis,  troubleshooting 
and  the  like — is  centered  on  individual 
problem-solving  that  can’t  be  directed 
from  above. 

Since  IT  work  is  inherently  creative, 
effective  leadership  of  IT  workers  means 
facilitating  work  that  is  often  chaotic  and 
goals  that  are  rife  with  ambiguities.  The 
context  of  leading  an  IT  organization 
includes  aligning  IT  projects  with  busi¬ 
ness  strategy,  conveying  direction  to  IT 
employees  that’s  consistent  with  that 
strategy,  and  keeping  IT  employees 
focused  on  end  user  needs. 

Some  big-picture  leadership  skills,  such 
as  communication,  vision  and  negotiation, 
are  the  same  whether  one  is  a  CEO  or  a 
CIO,  says  Paul  Glen,  author  of  the  recent 
book  Leading  Geeks:  How  to  Manage 
and  Lead  the  People  Who  Deliver  Tech¬ 
nology.  “At  its  heart,  leadership  is  all 
about  relationships  with  people,”  he  says. 

But  IT  leadership  skills  diverge  into 
unique  territory  when  CIOs  are  immersed 
in  the  day-to-day  operations  of  an  IT 
department.  They  must  motivate  IT 
workers  who  thrive  on  challenges  and 
aren’t  primarily  driven  by  monetary  car¬ 
rots  or  perks,  and  who  love  technology 
but  sometimes  need  to  be  pushed  to 
apply  it  in  ways  that  help  others  do  their 
jobs.  What’s  more,  many  CIOs  (who  still 
tend  to  come  up  through  the  IT  ranks) 
make  the  mistake  of  focusing  on  technol¬ 


ogy  rather  than  employees,  Glen  says. 

No  wonder  that  in  a  recent  CIO  sur¬ 
vey,  underlings  don’t  give  CIOs  high 
marks  for  leadership.  Of  the  400  partic¬ 
ipants  in  our  online  “What  Do  You 
Think  of  the  CIO?”  survey,  only  about 
half  said  their  CIOs  foster  a  team  envi¬ 
ronment,  use  praise  and  constructive 


Documentum  CIO  George  Lin  bans  all  tech 
talk  among  IT  staffers  until  they  understand 
the  business  effects  of  a  project. 

feedback  to  motivate,  and  delegate  effec¬ 
tively  (for  the  complete  survey,  go  to 
www. cio.com/printlinks ) .  Here’s  how  to 
get  on  the  right  side  of  that  divide. 

Embrace  Your  Inner  Techie 

They  might  bristle  at  stereotypes,  but  IT 
employees  do  share  certain  tendencies 
that  set  them  apart  from  workers  in  sales, 
finance  and  manufacturing.  As  creative 
problem-solvers,  IT  staffers  get  absorbed 
in  whatever  projects  they  are  working  on, 
often  at  the  expense  of  relating  to  col- 


98  CIO  OCTOBER  1,  2003  •  www.cio.com 


PHOTO  BY  SETH  AFFOUMADO 


IBM  recommends  Microsoft 
Windows  XP  Professional 
for  Business 


ibm.com/pc/think 


-.101*1 


What  if  your  data  was  locked  down 
and  mobile  at  the  same  time? 


What  if  you  could  combine  the  safety  of  a  locked  office 
with  the  freedom  of  no  office  at  all?  This  ThinkPad®  T40  is 
equipped  with  wireless  Intel®  Centrino™  Mobile  Technology, 
data  encryption  and  embedded  security1  making  it  the 
most  secure  wireless  notebook  in  the  industry.2 
So  your  work  can  stay  protected  behind  closed  doors. 
And  you  don’t  have  to  be. 


ThinkPad? 

Where  the  world’s  most  innovative  people  choose  to  think 


Insert  fk>mo 


Pause 


Cops  Lock. 


centrmo 


ThinkPad  T40 
2373-72U 


'  Requires  download  of  software  from  IBM.  This  security  provides  an  extra  layer  of  protection  for  your  passwords  and  documents.  No  one  offers  stronger 
security  as  a  standard  feature  on  a  wireless  PC.  IBM  product  names  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation. 
Intel.  Intel  Centrino.  Intel  Inside,  the  Intel  Centri.no  logo,  and  the  Intel  Inside  logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries 
in  the  United  States  and  other  countries.  All  other  company  names  are  trademarks  of  their  respective  companies.  2003  IBM  Corp.  All  rights  reserved. 


leagues  outside  of  IT. 
As  technology  afi¬ 
cionados,  IT  employ¬ 
ees  sometimes  don’t 
have  much  patience 
with  people  who  don’t 
share  their  enthusiasm  for  all  things  tech¬ 
nical.  And  when  it  comes  to  organiza¬ 
tional  politics  and  Machiavellian 
maneuvers,  most  IT  people  couldn’t  be 
bothered.  For  their  part,  employees  out¬ 
side  of  IT  may  not  appreciate  the  nature 
of  IT  work,  so  CIOs  need  to  serve  as  a 
bridge  between  disparate  groups. 

Grasp  the  traits  that  make  IT  employees 
tick  to  provide  them  with  direction,  moti¬ 
vation  and  goals.  Kevin  Orr,  a  former  CIO 
for  the  Army  hospital  at  Fort  Rucker  in 
Alabama,  finds  parallels  between  IT  work¬ 
ers  and  artists.  “IT  people  tend  to  work  in 
tremendous  spurts  interspersed  with  dry 
spells,”  he  says.  Currently  a  systems  engi¬ 
neer  at  Northrop  Grumman  Mission  Sys¬ 
tems,  Orr  says  it’s  essential  that  CIOs 
provide  IT  employees  with  clear  guidelines 
on  tasks  and  communicate  overall  goals. 
But  when  it  comes  to  the  day-to-day  work, 
CIOs  need  to  let  IT  employees  pace  them¬ 
selves  as  long  as  quality  and  deadlines 
aren’t  compromised.  Yet  even  CIOs  who 
enjoy  an  insight  into  the  IT  mind  worthy 
of  Freud  won’t  get  far  if  they  lack  credi¬ 
bility  and  respect  from  their  staffs.  That’s 
where  technical  knowledge  comes  in. 

As  far  as  leadership  goes,  “the  major 
difference  in  being  a  CIO  compared  to  a 
CEO  is  that  IT  people  have  little  toler¬ 
ance  for  anyone  who  doesn’t  understand 
what  they  do,”  says  Steven  Steinbrecher, 
former  CIO  of  Contra  Costa  County  in 
California.  “If  they  think  you  are  tech¬ 
nology-stupid  and  they  can  buffalo  you, 
they  will.”  Steinbrecher,  who  retired  in 
July  after  nearly  30  years  in  IT,  says  that 
in  every  CIO  job  he’s  had,  at  least  one 
employee  showed  up  at  his  office  within 
the  first  few  weeks  to  test  his  knowledge. 

Jeff  Chasney,  executive  vice  president 
and  CIO  of  CKE  Restaurants,  sounds  a 


similar  note.  “Credibility  is  the  key  sepa¬ 
rating  effective  leaders  from  less  effective 
ones,”  he  says.  “If  you  have  a  baseline  of 
knowledge,  if  you  question  IT  employees 
on  their  assumptions,  they’ll  develop  a 
deep  appreciation  for  you.” 

The  depth  required  for  a  CIO’s  tech¬ 
nical  knowledge  depends  to  a  great 
extent  on  the  size  of  the  organization. 
When  complemented  by  a  CTO,  CIOs 
can  succeed  with  less  technical  acumen 


as  long  as  they  understand  how  IT  work 
gets  done.  At  bottom,  “the  IT  staff  needs 
to  know  that  the  individual  leading  the 
organization,  setting  the  strategic  direc¬ 
tion  and  working  with  customers  is 
someone  who  understands  what  it  takes 
to  make  IT  happen,”  says  Terese  Butler, 
the  deputy  director  of  IT  at  California’s 
Employment  Development  Department, 
A  high-level  understanding  of  tech¬ 
nology  is  essential  for  another  reason  as 
well:  the  CIO’s  role  of  intermediary 
between  the  IT  group  and  business 


units.  Techies  may  think  the  world 
revolves  around  technology,  but  it’s  the 
CIO’s  job  to  make  sure  technology  takes 
a  backseat  to  business  needs.  CIOs 
should  constantly  hammer  this  message 
home  in  a  way  that  doesn’t  ruffle  any 
IT  employees’  feathers.  George  Lin,  vice 
president  and  CIO  at  Documentum,  a 
provider  of  content  management  soft¬ 
ware,  keeps  business  needs  at  the  fore¬ 
front  by  banning  technology  talk  with 


his  IT  employees.  “I  never  talk  technol¬ 
ogy  to  my  own  people,”  he  says,  opting 
instead  to  “talk  about  how  their  work  is 
related  to  the  business.” 

To  discourage  conversations  focused 
on  technology,  Lin  demands  that  his  75 
IT  staffers  first  understand  the  business. 
In  tackling  a  systems  integration  proj¬ 
ect,  for  example,  Lin  requires  IT  folks 
to  first  draw  out  the  entire  business 
process  flow  involved  in  the  project 
before  they  can  focus  their  attention  on 
specific  EAI  tools. 


MANAGING  YOUR  I.T.  ORGANIZATION 

Four  Essentials  for  Leading  Techies 

IN  HIS  BOOK  Leading  Geeks:  How  to  Manage  and  Lead  the  People  Who  Deliver 

Technology,  self-described  geek  and  consultant  Paul  Glen  identifies  four  actions 

indispensable  for  CIOs  who  hope  to  lead  IT  staffers. 

1.  Motivate  the  ranks.  Avoid  incentives  designed  to  promote  certain  behavior 
(for  example,  staff  the  help  desk  12  hours  a  day)  and  concentrate  instead  on 
creating  conditions  (such  as  establishing  career  paths  and  setting  achievable, 
measurable  goals)  under  which  motivation  can  develop. 

2.  Facilitate  teamwork.  IT  staffers  shouldn’t  work  in  isolation.  It’s  your  job 

to  encourage  and  coordinate  the  free  flow  of  ideas  and  activities  among  the 
various  IT  teams. 

3.  Publicize  achievements.  Let  the  business  side  know  exactly  how  IT 
contributes  to  the  strategic  goals  of  the  organization. 

4.  Provide  clarity.  So  that  IT  employees  aren’t  working  in  the  dark,  explain  the 
goals  of  your  department,  highlight  project  priorities  and  outline  individual 
responsibilities. 


100  CIO  OCTOBER  1,  2003  •  www.cio.com 


Wireless  computing, 
No  strings  attached, 


What’s  the  point  of  having  easier  wireless  if  connecting  to  it 
is  so  complicated?  On  this  ThinkPad®  X31  with  Intel®  CentrinoT 
Mobile  Technology,  Access  Connections  ensures  that  settings 
are  automatically  saved  for  different  environments.  Network 
settings  automatically  search  for  the  fastest  connection 
speed.  The  industry’s  easiest  wired  and  wireless  connectivity 
automatically  becomes,  well,  easier. 


ThinkPad? 

Where  the  world’s  most  innovative  people  choose  to  think 


MOBILE 

TECHNOLOGY 


IBM  recommends  Microsoft 
Windows  XP  Professional 
for  Business 


ibm.com/pc/think 


Insert  Home 

<*  t 


Delete  End 


4— J  Enter 


centrmo 


ThinkPad  X31 
2672-CBU 


IBM  product  names  are  trademarks  or  registered  trademarks  of  International  BusineswflPSftiesCorporation.  Int^i 
Intel  Centrino,  Intel  Inside,  the  Intel  Centrino  logo  and  Intel  Inside  logo  are  trademarks  or  regiske(l||^deijjj|||pW 
Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries,  «  >2003  IBM  Corp.  All  rigjfs  reserved 


*  ft  ■'  ’■ 

i  1  M  *» 

* 

V 

.  ©  '/o  i. 

r  c'vjssa 

. 

PrtSc 

F?  F3  F4 

1  ax||  Idyl 

5 

'/iS 

F7 

F8  F9 

F10 

Hot 
Seat 


Know  Where  IT 
Should  Go 

When  it  comes  to 
motivating  IT  workers, 
a  hands-off  philosophy 
works  best.  “If  you 
know  how  to  work  with  techies,  they  are 
the  easiest  kind  of  employees  to  motivate,” 
says  Chasney.  “They  don’t  need  cushy 
perks,  personal  recognition  or  bonuses; 
they  thrive  on  creatively  solving  prob¬ 
lems.”  When  CKE  Restaurants  recently 
launched  a  project  to  retrofit  DOS-based 
software  onto  new  Windows-based  point- 
of-sale  hardware,  Chasney  challenged  his 
team  to  come  up  with  a  way  to  do  it  with¬ 
out  cracking  the  existing  code,  an  approach 
that  required  heavy-duty  technical  wran¬ 
gling.  By  encouraging  his  people  to  look  at 
the  problem  in  a  different  light,  they  came 
up  with  a  simple,  elegant  solution  in  two 
days.  Chasney’s  lesson:  Don’t  tell  IT  people 
how  to  solve  a  problem.  Plant  an  idea  of 
where  you  want  them  to  go,  give  them  the 
resources  they  need,  and  let  them  find  their 
own  path  to  the  solution. 

One  ongoing  leadership  challenge  for 
CIOs  is  communicating  how  IT  con¬ 
tributes  to  the  business.  This  isn’t  only 
about  establishing  ROI  (although  that’s 
always  a  bugbear);  it’s  about  boosting  the 
morale  of  IT  employees  by  showing  them 
how  their  work  aids  and  abets  business 
performance.  “Evaluating  and  recognizing 
our  contribution  is  tough  in  IT  because 
we’re  a  couple  of  steps  removed  from  the 
end  result,”  says  Tim  Buckley,  managing 
director  of  IT  at  financial  services  com¬ 
pany  The  Vanguard  Group.  With  a  typi¬ 
cal  project  lasting  12  to  18  months,  IT 
employees  don’t  always  see  how  their 
work  pays  off.  That’s  a  problem  when  the 
IT  department  itself  is  judged  on  how 
effectively  it  supports  the  business.  CIOs 
have  to  highlight  IT’s  contributions  to  both 
employees  and  business  users.  “It  comes 
down  to  communicating  overall  organi¬ 
zational  goals  and  showing  employees 
what  their  roles  are  in  [fulfilling]  those,” 


MANAGEMENT  REPORT 

The  Loyalty  Lag 


Ten  Ways  to  Develop  the 
Truly  Loyal  Employee 

Employees  who  stay  put  should  not  be 
confused  with  those  who  stay  loyal, 
according  to  a  new,  comprehensive 
study  of  worker  attitudes  in  business, 
nonprofit  and  government  organiza¬ 
tions.  Walker  Information,  a  research 
company  specializing  in  loyalty  and 
satisfaction  measurements,  released 
a  workplace  loyalty  report  in  Septem¬ 
ber.  The  study  distinguishes  the  “truly 
loyal”  employees  from  those  who  stick 
around  only  until  a  better  job  comes 
along  or  those  workers  who  feel 
trapped  in  their  jobs. 

Only  the  truly  loyal  workers  will  go 
the  extra  mile  to  delight  customers 
and  are  highly  motivated  in  their  work. 
These  employees  also  would  resist 
offers  of  other  jobs  and  would  recom¬ 
mend  their  companies  to  potential 
employees.  Too  bad  they're  so  scarce. 
Only  30  percent  of  survey  respon¬ 
dents  met  the  criteria.  Even  so,  Marc 
Drizin,  a  vice  president  at  Walker  and 
the  company’s  loyalty  specialist,  finds 
this  percentage  surprisingly  high, 
especially  in  light  of  the  recession.  His 
explanation  is  that  employees  who 
have  lasted  through  layoffs  sometimes 
feel  gratitude  and  obligation  toward 
their  companies. 

On  the  other  side  of  the  coin,  34  per¬ 
cent  of  respondents  were  classified  as 
“high  risk”  (meaning  they  were  neither 
committed  to  their  work  nor  planning 
to  stay  with  the  company  for  the  next 
two  years),  and  another  31  percent 
qualified  as  “trapped"  (not  attached 
to  their  work  or  employer  but  without 
prospects  for  other  jobs).  So  what 
management  actions  produce  the 
truly  loyal  employee? 


Walker  measured  the  attributes  of 
the  truly  loyal  along  two  dimensions: 
experiences  and  attitudes.  When  it 
comes  to  employees’  personal  experi¬ 
ences  of  their  workplaces,  the  top  five 
drivers  of  loyalty  are: 

1.  Care  and  concern  that  the  employer 
shows  for  workers— displayed  by 
working  conditions,  policies  and 
style  of  management. 

2.  Fairness  of  pay  and  evaluations. 

3.  Employees’ feelings  of  accom¬ 
plishment  in  their  work. 

4.  Satisfaction  with  daily  activities. 

5.  Management  appreciation  for 
employees’  ideas  and  input. 


Regarding  employees’  attitudes 

about  their  work  and  workplaces,  the 

top  five  drivers  of  loyalty  are: 

1.  An  employee-focused  atmosphere 
in  the  office— demonstrated  by  a 
clear  priority  put  on  staffers. 

2.  Development  opportunities— 
evinced  by  training. 

3.  The  quality  of  the  employee’s  job. 

4.  The  corporate  brand— that  is,  how 
the  employee  feels  about  it. 

5.  Personal  sacrifice  required  for  the 
job— that  is,  the  so-called  work-life 
balance. 

-Edward  Prewitt 


102  CIO  OCTOBER  1,  2003  •  www.cio.com 


ILLUSTRATION  BY  AMANDA  DUFFY 


High-speed  Access 

td  High-speed  talent 


Network  Security  Engineers  are  a  phone  call  away. 

To  keep  your  business  competitive,  you  need  the  right  IT  talent  at  just  the  right  time. 

With  more  than  100  locations  worldwide,  Robert  Half  Technology  is  a  leading  provider  of: 

•  Network  Security  Engineers  •  Web  Developers 

•  Help  Desk  Professionals  •  Database  Administrators 

•  Programmers  •  And  other  Technology  Professionals 

•  Network  Administrators 

With  our  exceptional  connections  to  the  best  technology  talent  available,  we’ll  do  more  than  provide 
cost-effective  solutions  to  your  needs  -  well  do  it  exactly  when  you  need  it. 

Call  today! 


800.793.5533 

roberthalftechnology.com 


ROBERT  HALF 

TECHNOLOGY® 


Information  Technology  Professionals 


©  Robert  Half  Technology.  EOE 


A  Robert  Half  International  Company 


says  Butler.  To  show¬ 
case  the  role  of  IT  to 
the  business  side  at  Cal¬ 
ifornia’s  Employment 
Development  Depart¬ 
ment,  she  has  invited 
developers  to  give  project  demos  to  execs, 
making  sure  to  emphasize  how  the  project 
improves  productivity. 

IT  staffers  place  great  value  in  ongo¬ 
ing  training,  but  typically  it’s  technical 
updates  they  want,  not  management 
training.  Ideally,  your  workers  should 
develop  skills  that  build  professionalism 
in  the  IT  group  and  align  with  the  com¬ 
pany’s  needs.  At  Documentum,  where  the 
business  side  puts  a  premium  on  soft 
skills  such  as  customer  service  and  nego¬ 
tiation  techniques,  Lin  works  with  the 
HR  department  to  provide  IT  people 


“If  you  know  how  to 
work  with  techies, 
they  are  the  easiest 
kind  of  employees 
to  motivate.  They 
don’t  need  cushy 
perks;  they  thrive 
on  creatively 
solving  problems.” 

-Jeff  Chasney,  executive 
vice  president  and  CIO, 
CKE  Restaurants 


with  training  in  those  areas.  “Without  the 
soft  skills,  IT  people  won’t  be  very  suc¬ 
cessful  working  with  our  internal  cus¬ 
tomers,”  Lin  says. 

The  CIO’s  ultimate  role  is  to  harness 
technology  for  the  organization’s  best  use. 
The  most  successful  CIOs  know  what 
motivates  their  staffs  and  how  to  lead 
them  toward  success.  HH 


Send  your  feedback  to  hotseat@cio.com.  Opinion 
and  Knowledge  Management  Editor  Megan 
Santosus  can  be  reached  at  santosus@cio.com. 


Leadership  Agenda  by  susan  h.cramm 

TheM.I.A.  CIO 

Five  ways  to  regain  your  focus — and  retain  your  job 

You  are  in  a  funk.  Your  work  has  turned  into  a  grind,  your 
calendar  is  out  of  control,  and  issues  are  growing  into 
problems.  The  focus  and  energy  that  you  once  had  are 
dissipating.  People  in  your  organization  have  noticed— 
they  describe  you  as  distracted,  disengaged  and  tense. 
You  are  the  missing-in-action  CIO— present  in  body  but 
not  in  mind  and  spirit. 

You  are  not  alone.  Ninety  percent  of  professionals  are  living  a  less  than 
purposeful  existence— either  in  a  state  of  disengagement,  distraction  or 
procrastination— according  to  Heike  Bruch  and  Sumantra  Ghoshal,  authors 
of  “Beware  the  Busy  Manager”  (Harvard  Business  Review,  February  2002). 
What  state  you  find  yourself  in,  say  the  authors,  depends  on  the  relative  levels 
of  two  factors:  focus,  which  is  “the  ability  to  zero  in  on  a  goal  and  see  the  task 
through  to  completion,”  and  energy,  defined  as  “vigor  that  is  fueled  by  intense 
personal  commitment.” 

Most  likely,  you  started  off  in  your  current  position  with  a  strong  sense 
of  purpose  and  the  ability  to  see  problems  and  solutions  in  stark  relief.  You 
defined  and  tackled  your  laser-sharp  agenda  with  limitless  energy  and  enthu¬ 
siasm.  But  as  time  passed,  you  lost  interest  or  ran  into  obstacles  or  got 
overloaded  and  joined  the  suffering  90  percent. 

Great  leaders  understand  how  to  renew  their  leadership  agenda.  They  have 
the  self-awareness  and  self-discipline  to  identify  and  overcome  their  malaise. 
Many  of  us  have  used  job-hopping  as  a  primary  means  of  leadership  renewal. 
Although  crude  (in  that  it  does  not  force  you  to  face  the  root  causes  of  your 
leadership  malaise),  it  is  effective— as  long  as  there  is  a  strong  job  market  and 
you  are  a  hot  commodity.  Now  more  than  ever,  given  the  weak  economy  and 
aging  demographic,  the  ability  to  renew  your  focus  and  energy  and  regain 
your  purposeful  footing  is  important.  If  you  are  ready  to  take  back  your  job, 
here’s  what  you  should  do. 

MAKE  THE  TIME.  It  should  come  as  no  surprise  to  learn  that  purposeful 
leaders  schedule  time  on  their  calendars  to  think  and  reflect.  Many  hectic 
managers  find  this  task  almost  impossible  and  require  outside  assistance 
from  a  trusted  adviser  to  help  them  do  calendar  analysis  and  surgery.  Since 
your  schedule  consists  primarily  of  meetings,  the  easiest  way  to  make  time  is 
to  reduce  the  frequency  and  duration  of  meetings  (try  saying,  “When  someone 
asks  for  one  hour,  they  get  half  an  hour"),  eliminate  certain  meetings  (“I  don’t 
meet  with  vendors”)  and  activities  (“My  assistant  answers  my  phone  and 
reviews  e-mails”  or  “I  read  e-mails  and  check  voice  mail  once  a  day"),  and 
delegate  project  work  that  you  have  picked  up  along  the  way. 

OPEN  YOUR  EYES.  Balanced  feedback  will  motivate  and  sharpen  your 
focus  and  build  your  commitment  on  the  issues  and  opportunities  that  need 
to  be  addressed.  Go  regularly  to  the  front  lines  of  your  organization  (where 


04  CIO  OCTOBER  1,  2003  •  www. cio.com 


Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can 
measure.  A  network  solutions  and 
services  provider  called  NextiraOne. 

At  NextiraOne,  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing, 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures. 

In  the  United  States  or  around  the 
world.  You  name  it,  we  do  it  -  with 
world-class  results. 

www.NextiraOne.com  (888)  888-1055 


nexhra 


It  ain’t  braggin’ 
if  you  can  do  it 


Hot 

Seat 


your  employees 
interact  with  their 
customers  and 
suppliers)  to  assess 
your  positioning  and 
identify  opportuni¬ 
ties  around  shareholder  value,  cus¬ 
tomer  service  and  cost-effectiveness. 
GET  OTHERS  INVOLVED.  Leaders 


aren’t  expected  to  have  all  the  answers, 
and  leadership  is  not  a  solitary  pursuit. 
A  collaborative  process  of  defining 
goals,  strategies,  priorities  and  tactics 
will  strengthen  commitment,  increase 
your  influence  and  energize  everyone 
involved.  In  addition,  if  you  are  risk- 
averse,  sharing  priorities  and  responsi¬ 
bilities  will  go  a  long  way  to  quiet  your 
fears  about  the  career  impact  of  set¬ 
backs  and  failures.  For  more  informa¬ 
tion  on  strategy-making,  see  my 
previous  column,  “Strategic  Fitness,” 
at  www.cio.com/printlinks. 

EXPRESS  YOURSELF.  Someone 
once  said,  it  is  easier  to  maintain 
your  focus  and  energy  if  your  career 
expresses  who  you  are  rather  than 
what  you  do.  Look  at  a  CIO  who  is  an 
adrenaline  junkie  (with  hobbies  like 
car  racing,  flying  and  downhill  skiing). 
The  CIO  role  is  going  to  drive  him  crazy 
unless  he  figures  out  a  way  to  keep 
initiatives  on  a  fast  cycle  time  and  lets 
people  with  a  longer  attention  span  run 
operations. 

WORK  WITH  A  NET.  If  the  prospect 
of  losing  your  job  makes  you  queasy, 
you  need  a  safety  net  that  gives  you 
the  freedom  to  define  your  leadership 
focus  and  approach.  Some  of  you  are 
blessed  with  a  mental  safety  net  (your 
outlook  is  that  “everything  is  going  to 
be  OK”),  while  the  rest  need  some¬ 
thing  more  tangible— safety  nets  that 
ensure  that  your  financial  needs  will  be 
met.  There’s  nothing  like  money  in  the 
bank  and  the  ability  to  earn  a  living  as 
a  contractor  or  consultant  to  give  you 
the  courage  to  take  risks,  make  hard 


decisions  and  negotiate  effectively. 

The  leadership  renewal  process  I’ve 
outlined  here  requires  that  you  leave 
your  "old”  job,  assess  your  effective¬ 
ness,  and  replace  yourself  with  a  more 
effective  successor.  Do  yourself  and 
your  organization  a  favor:  Mentally  fire 
yourself  today  and  walk  in  tomorrow 
like  it's  your  first  day  on  the  job. 


Reader  Q&A 

Susan  H.  Cramm  answers 
questions  on  “The  M.I.A.  CIO  ” 

Q:  Your  article  describes  my  situation 
perfectly.  I  am  a  CIO  for  a  very  success¬ 
ful  financial  services  company.  My  job 
is  very  challenging,  rewarding  and 
boring.  I  have  built  a  great  working 
relationship  with  my  boss  (the  CEO) 
and  other  executives.  However,  I  am 
finding  myself  losing  more  interest  day 
after  day.  I  want  to  quit  my  job  alto¬ 
gether  and  join  a  small  startup  where 
I  can  expand  my  responsibility  over 
other  areas  such  as  sales  and  market¬ 
ing,  product  development,  and  opera¬ 
tions.  Do  I  exhibit  typical  signs  of 
burnout,  or  am  I  just  going  through  a 
midlife,  midcareer  crisis? 

A:  Don’t  ignore  your  current  feelings, 
but  don’t  change  for  change’s  sake. 
Base  any  actions  on  insights  on  your 
skills,  knowledge,  talents,  motivators, 
likes  and  dislikes,  and  practical  consid¬ 
erations  regarding  financial  security, 
prior  experience,  networking  and 
reputation.  I  am  currently  working  with 
a  client  who  wants  a  change  but  is 
security-minded  given  his  family 
responsibilities.  We  have  identified  his 
career  goal  and  opportunities  within  his 
current  company  that  will  help  move 
him  forward.  For  more  information  on 
defining  your  career  destination  and 
plan,  please  read  one  of  my  previous 
columns,  “Is  This  Job  All  There  Is?” 

( www.cio.com/printlinks ). 


Q:  A  couple  of  things  are  missing  from 
your  list  of  what  to  do.  A  focus  on  family 
and  friends  is  more  important  than 
spending  all  my  energy  at  work.  Those 
are  the  true  lasting  relationships.  It’s 
there  that  I  gain  my  energy  to  work.  My 
family  members  also  help  me  focus  on 
work  because  of  the  importance  of 
supporting  them.  Also,  you  neglected 
outside  interests;  hobbies,  sports  and 
so  on  are  how  people  recharge  them¬ 
selves.  Life  isn’t  all  about  work. 

A:  Congratulations!  It  sounds  to  me 
like  you  are  a  proud  member  of  the 
purposeful  10  percent.  In  your  case, 
you  express  yourself  by  ensuring  that 
your  work  supports  your  desire  to 
nurture  and  support  your  family  and 
foster  relationships.  My  guess  is  that 
your  focus  on  relationships  is  something 
that  is  part  of  your  personal  DNA  and 
that  you  are  able  to  express  it  on  a  day- 
to-day  basis  in  your  job.  It's  true  that  life 
isn’t  all  about  work.  It’s  also  true  that  if 
you  are  spending  10  hours  a  day  doing 
things  that  don’t  feed  your  soul,  you  will 
ultimately  join  the  suffering  90  percent. 

Q:  Most  of  us  are  disengaged,  dis¬ 
tracted  or  procrastinating.  Can  any¬ 
body  really  avoid  that?  I  don’t  know 
anyone  in  that  10  percent  group. 

A:  It  is  true  that  the  purposeful 
10  percent  are  the  enviable  minority. 
Regaining  purposeful  footing  is  difficult 
because  the  catalyst  for  change  must 
be  created  internally.  The  renewal 
process  requires  the  self-awareness  to 
identify  the  need  for  change,  the  self- 
discipline  to  work  through  the  discov¬ 
ery  process,  and  the  self-confidence  to 
put  your  insights  into  action.  BE] 


To  see  more  reader  questions  and  answers 
from  Susan  H.  Cramm,  go  to  www.cio.com/ 
leadership/agenda. html.  Cramm  is  president  of 
Valuedance,  an  executive  coaching  firm  based 
in  San  Clemente,  Calif.  Her  e-mail  address  is 
scramm@cox.net. 


106  CIO  OCTOBER  1,  2003  •  www.cio.com 


The  Business  Objects  logo  and  BusinessObjects  are  trademarks  or  registered  trademarks  of  Business  Objects  SA.  ©2003  Business  Objects  SA.  All  rights 


- 

End-to-end  business  intelligence. 
One  BI  vendor.  IT  nirvana. 


There  are  basically  two  ways  for  IT  to  implement 
your  enterprise  business  intelligence  solution. 
You  could  try  to  cobble  together  pieces  from 
multiple  vendors.  Or  you  can  choose 
BusinessObjects™  Enterprise  6  from 
Business  Objects.  And  experience 
end-to-end  business  intelligence 
for  your  entire  enterprise. 

With  Enterprise  6,  you'll  be  able  to  provide  a 
complete  suite  of  integrated  business  intelligence 
software  that  meets  the  needs  of  all  your  users. 
It  includes  the  industry's  best  web  query, 
reporting,  and  analysis  capabilities.  The  most 


advanced  and  complete  suite  of  analytic 
applications.  The  best  packaged  application 
connectivity.  And,  of  course,  end-to-end  product 
integration.  Today,  more  than  17,500 
companies  rely  on  award-winning 
Business  Objects  business  intelligence 
solutions  to  track,  understand,  and 
manage  enterprise  performance. 
Perhaps  you  should,  too.  To  get  started,  view  our 
BusinessObjects  Enterprise  6  interactive  product 
demonstration  or  download  our  free  technical 
white  paper  at  www.businessobjects.com/e2e. 
And  indulge  yourself  in  IT  nirvana. 


£ 

Business  Intelligence  from  Business  Objects 


Data  Sources 


BusinessObjects* 


Cl!  ENTERPRISE 
VALUE  RETREAT 


FEBRUARY  8  -  10,  2004 

TRUMP  INTERNATIONAL  SONESTA  BEACH  RESORT 
SUNNY  ISLES  BEACH,  FLORIDA 


IT’S  ALL  ABOUT  I.T.  VALUE 


This  is  the  event  for  CIOs  who  are  concerned  with 
articulating,  delivering  and  demonstrating  the  value  IT 
brings  to  the  enterprise.  While  some  pundits  say  IT  is  only  a 
commodity,  we  believe  IT  continues  to  be  at  the  forefront  in 
increasing  your  competitive  advantage.  To  give  you  more 
ways  of  looking  at  IT  value,  we  incorporate  research  and  case 
studies  from  Peter  Weill’s  work  at  MIT  Sloan  School  of 
Management.  We  put  you  together  with  CIOs  who  are  the 
winners  of  this  year’s  CIO  Enterprise  Value  Awards. 

And  we  give  you  the  opportunity  to  learn  from  each  other. 


Call  800.355.0246  or  visit  us  at  www.cio.com/conferences 


The  discussion  and 
information  exchange 
with  peers  is  invalu¬ 
able.” 


Robert  Odenheimer, 
SVP,  IT  Operations, 
Magellan  Behavioral  Health 


“The  content  presented 
by  Peter  Weill  was  an 
excellent  framework  to 
discuss  current  chal¬ 
lenges  with  a  very 
interesting 
peer  group.” 

Chris  Acton,  Global  IS, 
Rio  Tinto  Borax 


“Lessons  learned  are 
not  the  usual  aca¬ 
demic  fare,  but  the 
subtleties  of  the  cul¬ 
tural  and  technological 
minefields.” 

Evelyn  Lockett  Woods, 
EVP/CIO,  Joint  Commission  on 
Accreditation  of  Healthcare 
Organizations 


Call 

800.355.0246 
or  visit  us  at 
www.cio.com/ 
conferences 


Retreat  Moderator 

Peter  Weill 

Director,  Center  for 
Information  Systems 
Research,  MIT  Sloan 
School  of  Management 


The  Case 
Studies 

Peter  Weill  once  again  presents 
new  findings  and  case  studies 
from  work  with  hundreds  of 
Global  1000  companies,  focus¬ 
ing  on  three  key  areas:  IT  infra¬ 
structure  for  strategic  agility, 
effective  business  models,  and 
IT  governance. 

>  IT  Infrastructure  for 
Strategic  Agility 

Strategic  agility  -  the  ability  to 
implement  new  business  initia¬ 
tives  quickly  and  cost  effectively 
—will  be  an  increasingly  impor¬ 
tant  capability  for  enterprises  in 
2004.  IT  infrastructure  is  one  of 
critical  platforms  required  for 
strategic  agility.  Investing  in  the 
right  infrastructure  at  the  right 
time  enables  rapid  implementa¬ 
tion  of  future  electronically 
based  business  initiatives  and 
cost  reduction  of  current  busi¬ 
ness  processes— i.e.,  more  busi¬ 
ness  value.  This  session 
presents  a  framework  for  senior 
executives  to  view  IT  infrastruc¬ 
ture  in  business  terms  and  to 
lead  in  making  investment  deci¬ 
sions.  Weill  illustrates  how  firms 
successfully  implement  and 
exploit  their  IT  infrastructures 
with  several  case  studies. 

>  Do  Some  Business 
Models  Perform  Better 
than  Others? 

In  an  increasingly  connected 
business  world  the  business 


model— what  a  firm 
does  and  how  they 
make  money— is  a 
critical  strategic 
decision.  Under¬ 
standing  what  busi¬ 
ness  models  are 
used,  how  they  are 
combined,  and  which  are  most 
successful  is  important  for  every 
senior  manager.  In  addition, 
firms  implementing  each  model 
use  IT  differently— resulting  in 
different  IT  portfolios.  This  pres¬ 
entation  provides  a  new  and 
powerful  way  to  analyze  a  firm’s 
business  model  and  then  think 
about  the  IT  needs. 

>  IT  Governance  Workshop 

In  response  to  strong  interest  in 
last  year’s  session  on  IT  gover¬ 
nance,  Weill  leads  a  workshop 
on  how  top  performers  govern. 
He  presents  case  studies  and 
insights  from  MIT  CISR’s  study 
of  effective  IT  governance  in  256 
enterprises  in  23  countries.  A 
framework  is  presented  in  this 
workshop  to  analyze  and  com¬ 
municate  governance,  illus¬ 
trated  with  cases  studies  of  top 
performers. 

>  Monday’s  Case  Study 
Workgroups 

Monday  at  lunch  we  divide  into 
small  groups  to  investigate  the 
link  between  business  strategy 
and  IT  infrastructure  in  a  new 
case  study.  The  case  is  based  on 
a  global  multi-business  unit  firm 
in  the  healthcare  industry  mov¬ 
ing  from  a  fully  decentralized 
approach  to  information  tech¬ 
nology  to  providing  some  firm¬ 
wide  IT  infrastructure.  The 
challenge  for  your  group  is  to 
advise  the  newly  appointed  CIO. 
Groups  will  report  back  with 
their  recommendations. 


The  Enterprise 
Value  Award 
Winners 

They’re  scrutinized  by  CIO  edi¬ 
tors,  Review  Board  members, 
and  our  judging  panel  of  top- 
notch  CIOs.  Meet  the  winners  of 
the  prestigious  CIO  Enterprise 
Value  Award  and  learn  how  they 
delivered  true  value. 

>  The  Value  Proposition 

Our  panel  of  CIO  Enterprise 
Value  Award  winners  talks  about 
the  ongoing  difficulty  inherent  in 
demonstrating  and  delivering  IT 
value.  How  do  you  convince  your 
CEOs,  CFOs  and  COOs— who 
may  think  IT  is  just  a  commodity, 
a  utility— that  its  intelligent 
application  and  deployment 
can  and  does  indeed  bring 
strategic  value  to  the  business. 

>  Monday  Night’s  Gala 
Awards  Ceremony  & 

Dinner 

We’ll  announce  the  winner  of 
the  Grand  CIO  Enterprise 
Value  Award— and  honor  all 
the  winners  in  the  industry  cat¬ 
egories  at  a  black-tie  recep¬ 
tion,  awards  ceremony  and 
dinner.  It’s  a  great  time  to  cele¬ 
brate  with  your  CIO  peers. 

>  Conversations  with 
This  Year’s  Winners 

We  offer  breakout  sessions  with 
the  CIOs  of  this  year’s  winning 
organizations.  It’s  your  chance 
to  talk  at  a  more  intimate  level, 
discuss  their  particular  case  in 
more  detail  and  take  away  les¬ 
sons  you  can  apply  to  your  own 
organization  back  home. 


The  Peer 
Networking 

CIOs  tell  us  it’s  as  important  to 
have  opportunities  to  meet  infor¬ 
mally  with  their  peers  as  it  is  to 
participate  in  the  Retreat  ses¬ 
sions.  We  give  you  more  oppor¬ 
tunities  to  meet  and  learn  from 
more  of  your  peers  over  three 
days,  with  the  golf  tournament 
Sunday  morning,  informative 
chats  at  breakfast  and  lunch 
roundtables,  the  intensely  inter¬ 
active  case  study  workgroup  ses¬ 
sions,  and  relaxed  conversations 
during  the  daily  receptions.  And 
we’re  happy  to  hook  you  up  with 
other  attendees  or  corporate 
sponsors  you’d  like  to  meet. 


Sunday  Night  Special  Event 


Jimmy  Tingle’s 
Uncommon  Sense 


It’s  a  scary,  unpredictable— and 
absurd— world  we  live  in.  Satirist, 


comedian  and  com¬ 
mentator  Jimmy 
Tingle  takes  us  on  a 
highly  personalized 
tour  of  the  absurdi¬ 
ties  of  modern  life. 
You've  got  to  laugh 
to  survive. 


This  year’s  Enterprise  Value  Retreat 
Awards  Ceremony  is  proudly  undenA/rit- 
tenby 

<bmcsof!ware 

Assuring  Business  Availability® 


Presented  by 

oo 


Sales  and  Services 

CIO  SALES  OFFICES 

President  Walter  Manninen 
Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

East  Coast 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly  •  508  935-4586 

Senior  Regional  Mgr. 

Kathy  Powers  •  201 634-2331 
Regional  Sales  Manager 
Ellie  Schwab  •  201 634-2332 
Account  Executive 
Joan  Bonadeo  •  201 634-2328 
Advertising  Sales  Associates 
Rhonda  Goodman  •  201 634-2329 
Sharon  Patrick  •  201 634-2333 
Fax  •  201 634-9513 

New  England 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly -508  935-4586 

Senior  Advertising  Sales  Associate 

Dawn  Cora  •  508  935-4092 
Fax  •  508  879-6063 


South  Central 

Regional  Director/ Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 

Senior  Advertising  Sales  Associate 

Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 

North  Central 

District  Sales  Manager 

Beth  DeVillez  •  847  441-3140 

Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 
Fax  *847  441-5150 

West  Coast 

VP  Sales/West 

Cheri  Parr  •  415  975-2685 

Senior  Regional  Manager/ Advertising  Sales 

Jane  Evans  •  415  975-2680 

Regional  Manager/Advertising  Sales 

Ai  Collins -415  975-2686 

Account  Executive 

Derek  Jung -415  975-2683 

Fax  •  415  543-2358 

Southern  California 

Account  Executive 

Issac  Ugay  •  949  475-5579 
Fax  •  949  475-5583 


LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Online  Sales  Manager 

Michael  McPhee  •  508  935-4611 

CUSTOM  PUBLISHING 

Group  Director  •  Michael  Siggins 

Director  •  Mary  Gregory 

Director  of  Content  Development  •  Tom  Field 

Project  Managers  •  John  Danielowich,  Amy 

Greenleaf 

Graphic  Designer  •  Chris  Brown 

REPRINT  SERVICES 

For  article  reprints  (500  quantity  or  more), 
please  contact  Chad  Johnston  at 
RSiCopyright  (651 582-3800)  or  via  e-mail 
at  cioreprints@rsicopyright.com. 

CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 


Index  of  Companies  and  Advertisers 

Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the 
company  has  a  substantial  mention.  This  index  is  provided  as  a 
service  to  readers.  The  publisher  does  not  assume  any  liability  for 
errors  or  omissions. 


I 


COMPANY  INDEX 

AARP  . 74 

Aegis  Communications 
Group  Inc . 24 

Alcoa  Inc . 24 

AMR  Research  Inc . 54 

Avaya  Inc . 24 

BEA  Systems  Inc . 54 

BT  Group  PLC  . 44 

Cap  Gemini  Ernst  &  Young  .  .  64 
Carmina  Technologies  Inc.  .  .  24 

CKE  Restaurants  Inc . 98 

Cutter  Consortium  . 64 

Defensive  Thinking  LLC  ....  96 

Documentum  Inc . 98 

ePIus  Inc . 74 

Farmers  Insurance  Group  ...  84 

FMR  Corp . 54 

Forrester  Research  Inc . 24 

Gartner  Inc .  24,  54,  64,  74 

General  Electric  Co . 24 

General  Motors  Corp . 54 

G  re  if  Inc . 74 

Honeywell  Aerospace  . 74 

IBM  Corp . 24,  54 


Intel  Corp . 44 

International  Data  Corp . 54 

J.P.  Morgan  Chase  &  Co.  ...  54 
Kaiser  Permanente . 54 

Last  Stage  of  Delirium  Research 
Group,  The  . 92 

Meta  Group  Inc . 24,  54 

Michael  Baker  Corp . 74 

Microsoft  Corp . 54,  92 

Moody's  Investors  Service 
Inc . 40 

Motorola  Inc . 64 

NCR  Corp . 24 

Northrop  Grumman  Mission 
Systems  . 98 

Oracle  Corp . 54 

PricewaterhouseCoopers  .  24,  74 

Russell  Reynolds  Associates 
Inc . 24 

Sikorsky  Aircraft  Corp . 24 

Sonic  Software  Inc . 54 

Sun  Life  Financial  Inc . 74 

Sun  Microsystems  Inc . 54 

Tyco  International  Ltd . 24 

Unisys  Corp . 24 

Vanguard  Group,  The . 98 


Walker  Information  Inc . 98 

Wells  Fargo  &  Co . 64 

Zurich  Financial  Services  ...  84 

ADVERTISER  INDEX 

AMS  . 90,91 

Autodesk  Inc . 69 

Avaya  . 29 

BearingPoint  Inc . 63 

Blazent . 25 

BT  . 89 

Business  Objects  Inc . 107 

Cisco  Systems  Inc . 20 

Citrix  Systems  Inc . 19 

Cognos  .  2 

CXO  Media  Inc. 


....  33,  48,  78,  87,  93, 108 
Dell  Computer  Corp.  .  30,  72,  73 

Enterasys  Networks . 61 

Fujitsu . 6 

Fujitsu  PC  Corp . 37 

Hewlett-Packard 

.  35,  87  (regional) 

IBM  Corp . 14,  82,  99, 101 

Informatica  Corp . 47 

Internet  Security  Systems  . .  45 


Legato  Systems  Inc . 32a 

Maryville  Technologies 
(regional) . 93 

Microsoft  Corp . C2,  41 

NEC  Solutions  Inc . 38 

NextiraOne  . 105 

Nortel  Networks  . 13 

Novell  . 71 

Opsware  Inc . 17 

Oracle  Corp . 27 

PeopleSoft  Inc . C4 

Primavera  Systems  Inc . 51 

Protiviti  Inc . 9 

Qualcomm  . 43 

Qwest  Communications 
Inti.  Inc . C3 

Ricoh  Corp .  77,  79,  81 

Robert  Half  Technology  .  . .  103 

Samsung . 10 

Sony  Electronics  Inc . 53 

Sprint . 5,  111 

TIBCO  Software  Corp . 95 

United  Way  (regional) . 97 

US  LEC  (regional) . 97 

Xerox  Corp . 23 


France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pi 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html. 


CIO  Contact 
Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080, 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/ January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2003  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO,  492 
Old  Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol: 

Subscriptions:  Address  inquiries  to 
CIO,  P.O.  Box  489,  Northbrook,  IL 
60065-0489;  866  354-1125.  CIO  is 
free  to  qualified  information  execu¬ 
tives.  To  all  others  the  one-year  basic 
rate  is  $150  for  the  United  States  and 
Canada,  $195  to  foreign  countries 
(payable  in  U.S.  funds  only).  The 
single  copy  price  is  $9.  Please  allow 
four  to  six  weeks  for  new  subscrip¬ 
tions  to  begin. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of  address 
to  CIO,  P.O.  Box  489,  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S.A. 


110  CIO  OCTOBER  1 


2003 


www.cio.com 


Copyright  ©  Sprint  2003.  All  rights  reserved. 


Its  time  for  the  death  of  fingerpointing. 


1  wireless  vendor  + 1  wireline  vendor  + 1  problem  =  multiple  places  to  place  blame.  That's  when  problems 
can  really  multiply.  And  that's  time  for  Sprint.  Sprint  built  its  wireline/wireless  network  from  the  ground  up. 
Designed  it  specifically  for  greater  reliability  and  security.  We  stand  behind  it.  And  our  industry-leading 
SLAs  back  it  up.  Let  us  show  you  how  end-to-end  accountability  works.  Especially  if  you  have  a  network 
that  doesn't.  It's  time  for  Sprint.  Go  to  sprintbiz.com/time,  or  call  1 866  629-5023. 


Sprint 


One  Sprint.  Many  Solutions.” 


Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


COVER  STORY  I  Web  Services 
Standards  Battle 

Christopher  Koch  I  54 

The  year  2003  will  not  be  known  as 
the  year  of  Web  services;  more  likely, 
it  will  be  remembered  as  the  year  the 
standards  process  began  to  fall  apart.  No 
fewer  than  four  organizations — Liberty 
Alliance,  Oasis,  W3C  and  WS-1 — are  vying 
to  preside  over  the  process,  each  with  differ¬ 
ent  goals  and  degrees  of  power  and  influ¬ 
ence.  Uneasy  and  fragile  alliances  quake 
under  the  pressure  of  enormous  revenue 
potential,  and  bickering  seems  to  doom  the 
outcome,  promising  a  proliferation  of  con¬ 
fusing,  duplicative  Web  services  standards 
emerging  in  the  next  few  years.  Some  will 
be  proprietary,  and  some  will  not,  with 
unclear  patent  and  licensing  implications 
for  CIOs.  And  the  ultimate  result  will  be  a 
lot  of  wasted  money  for  CIOs.  Though  some 
practitioners,  including  Fidelity,  GM,  J.P. 
Morgan  Chase  and  Kaiser  Permanente  are 
participating  in  standards  bodies,  it’s  a  time- 
consuming  commitment,  so  vendors  con¬ 
tinue  to  dominate.  If  CIOs  remain  on  the 
sidelines,  they  will  end  up  forced  to  choose 
from  among  multiple  Web  services  standards 
that  may  not  interoperate,  may  have  limited 
life  spans,  and  may  come  with  fees  or  other 
onerous  patent  and  licensing  requirements. 

“The  structure  of  these 
groups  is  backward.  The 
users  should  be  the  ones 
creating  the  standards, 
and  the  vendors  should  be 
adopting  them.  Right  now, 
users  have  to  take  what 
the  vendors  feed  them.” 

-Eric  Austvold, 
research  director  for  AMR  Research 


Web  Services  Risk  Mitigation  ByEianaVaron  I  64 

MANY  COMPANIES  THAT  HAVE  EXPERIMENTED  with  Web  services  are  beginning  to  put 
pilot  projects  into  production.  The  smartest — including  Motorola,  the  U.S.  Navy  and  Wells  Fargo — 
are  taking  an  enterprise  view,  developing  policies  for  the  technology’s  strategic  use  that  take  into 
account  its  effect  on  existing  IT  infrastructure  and  applications.  Their  strategies  seek  to  mitigate  the 
five  major  risks  of  Web  services:  lack  of  security,  unsettled  standards,  questionable  vendor  viability, 
uncertain  adoption  by  trading  partners  and  lack  of  enterprise  ROI  evidence.  For  example,  the  Navy’s 
coping  strategy  is  to  use  its  market  influence  with  standards  organizations  to  cajole  vendors  into  sup¬ 
porting  as  many  of  the  emerging  standards  as  possible.  The  Navy’s  vendor  neutrality  presumes  infra¬ 
structure  vendors  will  eventually  provide  products  to  work  with  any  standard  and  therefore  mean 
easy  integration.  Motorola  has  decided  to  hedge  bets  by  investing  in  both  Sun’s  and  Microsoft’s  com¬ 
peting  Web  services  development  platforms. 


It  Ain’t  Over  Until  You  Do  the  PIA  By  Meridith  Levinson  I  74 

ALTHOUGH  ONLY  20  PERCENT  of  IT  shops  in  the  general  population  perform  post-imple¬ 
mentation  audits  (PLAs)  on  IT  projects,  66  percent  of  companies  honored  with  the  CIO  100  Award 
for  resourcefulness  this  summer  routinely  conduct  audits.  That  ought  to  tell  you  something.  PLAs 
are  among  a  resourceful  company’s  best  tools  for  proving  the  value  of  high-cost,  mission-critical  IT 
investments  and  for  gleaning  project  management  best  practices,  which  CIOs  can  then  apply  to 
subsequent  projects.  Companies,  including  manufacturer  Greif,  Honeywell  Aerospace  and  Sun  Life 
Financial,  have  found  ways  to  overcome  political  and  resource  hurdles  to  make  audits  a  routine  proj¬ 
ect  management  practice.  They’ve  figured  out  the  best  timing  for  audits,  who  should  conduct  them, 
how  to  make  the  findings  actionable  and  how  to  incorporate  learning  back  into  project  practices. 


The  Business  Education  of  Jan  Franklin  By  Alice  Dragoon  I  84 

FRANKLIN  SPENT  ONE  AND  A  HALF  YEARS  as  an  executive  director  on  the  business  front 
lines  before  becoming  CIO  of  Farmers  Insurance,  an  experience  that  yielded  valuable  lessons  for  any 
CIO.  Once  known  as  a  no-nonsense  manager  with  little  patience  for  office  politics  or  excuses,  Franklin 
realized  the  importance  of  listening  to  those  in  the  field.  She  introduced  metrics  to  the  service  center  she 
managed,  a  concept  that  took  getting  used  to  for  some,  but  even  initial  measurements  showed  improve¬ 
ments.  However,  she  learned  that  metrics  don’t  tell  you  everything:  A  seemingly  innocuous  system  hic¬ 
cup  can  have  a  huge  impact  on  customer  service.  Above  all,  she’s  learned  a  new  style,  one  that’s  much 
more  collaborative.  Nowadays,  she’s  more  likely  to  coach  than  dictate. 


Hot  Seat:  Secrets  to  Managing  Techies  By  Megan  Santosus  I  98 

CIOS  WHO  WANT  TO  BE  EFFECTIVE  LEADERS  need  to  emulate  psychologists  rather  than 
sergeants.  IT  employees  don’t  respond  well  to  a  leadership  style  based  on  power  and  control.  That’s 
because  IT  work — programming,  systems  analysis,  troubleshooting  and  the  like — is  centered  on  indi¬ 
vidual  problem-solving  rather  than  activities  that  can  be  directed  from  above.  CIOs  must  facilitate 
work  that  is  often  chaotic  and  goals  that  are  rife  with  ambiguities.  Their  leadership  goals  include  align¬ 
ing  IT  projects  with  business  strategy,  conveying  direction  that’s  consistent  with  that  strategy  and  keep¬ 
ing  IT  employees  focused  on  end  user  needs.  Too  often,  though,  CIOs  (revealing  their  roots  in  the  IT 
ranks)  make  the  mistake  of  focusing  on  technology  rather  than  employees.  Finally,  when  it  comes  to 
developing  IT  career  tracks,  CIOs  have  to  take  the  lead:  IT  workers — motivated  more  by  technology 
than  status  or  ladder-climbing — often  treat  career  development  as  an  afterthought. 


112  CIO  OCTOBER  1,  2003  •  www. cio.com 


REI  WORKS  WITH  QWEST 

Cutting-edge  technology  is  vital  to  winning  new  business,  but  it’s  only  half  of  the  package.  You  need  great 
people  and  great  service  to  make  it  all  come  together.  That’s  what  we  believe  at  Qwest,®  and  we  prove  it  every 
day  to  companies  like  Recreational  Equipment,  Inc.  When  they  said  “no  downtime,”  Qwest  listened  and 
delivered.  We  implemented  a  complete  Dedicated  Internet  Access  solution  for  REIjM  beating  their  delivery 
date  by  two  weeks.  With  this  service  up  and  running,  REI’s  Internet  sales  continue  to  see  double-digit  growth 
year  after  year.  Their  success  is  our  success.  It’s  a  relationship  that  continues  to  this  day.  It’s  our  Spirit  of 
Service'  commitment.  And  it’s  what  sets  us  apart. 


Janie  Scarborough,  Global  Account  Manager,  Qwest  Communications 


Qwest 


Spirit  of  Service  ' 


VOICE  SOLUTIONS 

To  find  out  how  we  can  put  the  Spirit  of  Service  to  work  for  you,  data  solutions 

visit  us  at  qwest.com/bizspirit  or  call  us  at  1  800-506-0663.  internet  solutions 

MANAGED  SOLUTIONS 


Qwest  DIA  is  available  throughout  the  United  States.  Qwest  DIA  service  also  provides  high-speed  Internet  access  to  more  than  240  major  cities  in  19  European  countries.  However,  customers  in  the  states  of 
AZ,  CO,  IA,  ID,  MN,  MT,  ND,  NE,  NM,  OR,  SD,  UT,  WA  and  WY  will  have  their  Qwest  Internet  services  provided  in  conjunction  with  a  separate  Global  Service  Provider  (GSP).  This  provider  will  supply 
customers  with  connectivity  to  the  global  Internet.  When  Qwest  receives  regulatory  relief,  it  will  offer  this  service  without  the  use  of  a  GSP.  ©2003  Qwest  Communications  International  Inc. 


Ever  need  consultants  to  figure  out 
how  much  your  consultants  cost? 


Only  PeopleSoft  Enterprise  Service  Automation  delivers  proactive  control  over  outside  services  spending. 

PeopleSoft  ESA  is  the  only  complete  solution  for  managing  the  expense  of  outside  contractors,  consultants 
and  temps.  It  enables  you  to  know  exactly  who's  doing  what  and  how  much  it  is  costing.  And  PeopleSoft  ESA 
matches  the  right  skills  to  the  right  projects  in  real  time.  So  you  minimize  outside  services  spending,  while 
maximizing  its  value.  Learn  more  by  visiting  usatwww.peoplesoft.com/realtimeorcall  1-888-773-8277. 


®  I  Enterprise  Service  Automation 


PeopleSoft 


©  2003  PeopleSoft,  Inc.  PeopleSoft  is  a  registered  trademark  of  PeopleSoft,  Inc. 


